The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-2748" }