GHSA-864f-7xjm-2jp2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-864f-7xjm-2jp2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-864f-7xjm-2jp2/GHSA-864f-7xjm-2jp2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-864f-7xjm-2jp2
- Aliases
- Published
- 2025-04-25T06:30:56Z
- Modified
- 2025-05-05T21:57:30Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- CNCF K3s Kubernetes kubelet configuration exposes credentials
- Details
-
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.
- Database specific
{ "nvd_published_at": "2025-04-25T05:15:33Z", "cwe_ids": [ "CWE-1188" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-25T15:07:32Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-46599
- https://github.com/f1veT/BUG/issues/2
- https://github.com/k3s-io/k3s/issues/12164
- https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a
- https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port
- https://github.com/k3s-io/k3s
- https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1
- https://pkg.go.dev/vuln/GO-2025-3646
Affected packages
Go / github.com/k3s-io/k3s
Package
- Name
- github.com/k3s-io/k3s
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/k3s-io/k3s