CVE-2025-13281

Опубликовано: 14 дек. 2025

Источник: debian

EPSS Низкий

Описание

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
kubernetes	fixed	1.20.5+really1.20.2-1		package

Примечания

Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ

EPSS

Процентиль: 1%

0.00012

Низкий

Связанные уязвимости

CVE-2025-13281

CVSS3: 5.8

ubuntu

около 2 месяцев назад

CVE-2025-13281

CVSS3: 5.8

nvd

около 2 месяцев назад

CVE-2025-13281

CVSS3: 5.8

msrc

около 1 месяца назад

Portworx Half-Blind SSRF in kube-controller-manager

GHSA-r6j8-c6r2-37rr

CVSS3: 5.8

github

около 2 месяцев назад

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

EPSS

Процентиль: 1%

0.00012

Низкий