Affected by GO-2022-0617
and 16 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0802 : Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
GO-2022-0885 : Improper Authentication in Kubernetes in k8s.io/kubernetes
GO-2022-0907 : Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2159 : Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2748 : Privilege Escalation in Kubernetes in k8s.io/apimachinery
GO-2024-2753 : Denial of service in Kubernetes in k8s.io/kubernetes
GO-2024-2754 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2755 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
GO-2024-3277 : Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
pkg
kubelet
token
package
Version:
v1.16.0-rc.1
Opens a new window with list of versions in this module.
Published: Sep 10, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 10
Opens a new window with list of imports.
Imported by: 22
Opens a new window with list of known importers.
Documentation
Documentation
¶
Package token implements a manager of serviceaccount tokens for pods running
on the node.
Manager manages service account tokens for pods.
NewManager returns a new token manager.
DeleteServiceAccountToken should be invoked when pod got deleted. It simply
clean token manager cache.
GetServiceAccountToken gets a service account token for a pod from cache or
from the TokenRequest API. This process is as follows:
* Check the cache for the current token request.
* If the token exists and does not require a refresh, return the current token.
* Attempt to refresh the token.
* If the token is refreshed successfully, save it in the cache and return the token.
* If refresh fails and the old token is still valid, log an error and return the old token.
* If refresh fails and the old token is no longer valid, return an error
Source Files
¶
Click to show internal directories.
Click to hide internal directories.