Affected by GO-2022-0617
and 17 other vulnerabilities
GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0782: Symlink Attack in kubectl cp in k8s.io/kubernetes
GO-2022-0885: Improper Authentication in Kubernetes in k8s.io/kubernetes
GO-2022-0890: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-1985: Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2748: Privilege Escalation in Kubernetes in k8s.io/apimachinery
GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
package
Version:
v0.14.1
Opens a new window with list of versions in this module.
Published: Apr 1, 2015
License: Apache-2.0
Opens a new window with license information.
Imports: 1
Opens a new window with list of imports.
Imported by: 1,191
Opens a new window with list of known importers.
Documentation
¶
package capbabilities manages system level capabilities
Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.
SetCapabilitiesForTests. Convenience method for testing. This should only be called from tests.
type Capabilities struct {
AllowPrivileged bool
HostNetworkSources []string
}
Capabilities defines the set of capabilities available within the system.
For now these are global. Eventually they may be per-user
Returns a read-only copy of the system capabilities.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.