GHSA-jgfp-53c3-624w
First published: Thu Feb 13 2025(Updated: )
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/k8s.io/kubernetes | <1.29.14 | 1.29.14 |
| go/k8s.io/kubernetes | >=1.30.0<1.30.10 | 1.30.10 |
| go/k8s.io/kubernetes | >=1.31.0<1.31.6 | 1.31.6 |
| go/k8s.io/kubernetes | >=1.32.0<1.32.2 | 1.32.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-jgfp-53c3-624w?
The severity of GHSA-jgfp-53c3-624w is classified as high due to the potential for Node Denial of Service.
How do I fix GHSA-jgfp-53c3-624w?
To fix GHSA-jgfp-53c3-624w, update to Kubernetes version 1.29.14 or later, 1.30.10 or later, 1.31.6 or later, or 1.32.2 or later.
What is the impact of GHSA-jgfp-53c3-624w?
The impact of GHSA-jgfp-53c3-624w is that it can cause a Node Denial of Service by filling the Node's disk with excessive checkpoint requests.
Which Kubernetes versions are affected by GHSA-jgfp-53c3-624w?
Kubernetes versions prior to 1.29.14, 1.30.0 to 1.30.9, 1.31.0 to 1.31.5, and 1.32.0 to 1.32.1 are affected by GHSA-jgfp-53c3-624w.
Is there a workaround for GHSA-jgfp-53c3-624w if I cannot update?
There is no specific workaround mentioned for GHSA-jgfp-53c3-624w, so updating to a fixed version is recommended.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jgfp-53c3-624w
- alias/CVE-2025-0426
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/source
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- collector/github-advisory
- package-manager/go