Affected by GO-2022-0617 and 20 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0703 : XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
GO-2022-0867 : Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
GO-2022-0885 : Improper Authentication in Kubernetes in k8s.io/kubernetes
GO-2022-0890 : Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
GO-2022-0907 : Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2022-0908 : Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2159 : Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2170 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2330 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2748 : Privilege Escalation in Kubernetes in k8s.io/apimachinery
GO-2024-2753 : Denial of service in Kubernetes in k8s.io/kubernetes
GO-2024-2754 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2755 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
Package: k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap
Version: v1.16.2-beta.0
Published: Oct 2, 2019
License: Apache-2.0
Imports: 13
Imported by: 32
Documentation
Package bootstrap provides a token authenticator for TLS bootstrap secrets.
type TokenAuthenticator struct {
}
TokenAuthenticator authenticates bootstrap tokens from secrets in the API server.
NewTokenAuthenticator initializes a bootstrap token authenticator.
Lister is expected to be for the "kube-system" namespace.
AuthenticateToken tries to match the provided token to a bootstrap token secret
in a given namespace. If found, it authenticates the token in the
"system:bootstrappers" group and with the "system:bootstrap:(token-id)" username.
All secrets must be of type "bootstrap.kubernetes.io/token". An example secret:

    apiVersion: v1
    kind: Secret
    metadata:
      # Name MUST be of form "bootstrap-token-( token id )".
      name: bootstrap-token-( token id )
      namespace: kube-system
    # Only secrets of this type will be evaluated.
    type: bootstrap.kubernetes.io/token
    data:
      token-secret: ( private part of token )
      token-id: ( token id )
      # Required key usage.
      usage-bootstrap-authentication: true
      auth-extra-groups: "system:bootstrappers:custom-group1,system:bootstrappers:custom-group2"
      # May also contain an expiry.

Tokens are expected to be of the form:

    ( token-id ).( token-secret )
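
The matching rules described above, written out as an added example (this is not the package's own code). The `Secret` struct, `Authenticate` and `SampleSecret` are hypothetical names, the constant-time comparison is an assumption about good practice rather than a claim about the Kubernetes implementation, and the expiry check is left out.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"strings"
)

// Secret is a hypothetical stand-in for a decoded Kubernetes Secret (not the client-go type).
type Secret struct {
	Name, Namespace, Type string
	Data                  map[string]string
}

// Authenticate checks one candidate secret against a presented token using the
// rules in the package documentation; it returns username and groups on success.
func Authenticate(token string, s Secret) (string, []string, bool) {
	parts := strings.SplitN(token, ".", 2) // ( token-id ).( token-secret )
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", nil, false
	}
	id, secret := parts[0], parts[1]
	if s.Namespace != "kube-system" || s.Type != "bootstrap.kubernetes.io/token" ||
		s.Name != "bootstrap-token-"+id || s.Data["token-id"] != id ||
		s.Data["usage-bootstrap-authentication"] != "true" {
		return "", nil, false
	}
	// Constant-time comparison so response timing does not leak the private part.
	if subtle.ConstantTimeCompare([]byte(s.Data["token-secret"]), []byte(secret)) != 1 {
		return "", nil, false
	}
	groups := []string{"system:bootstrappers"}
	for _, g := range strings.Split(s.Data["auth-extra-groups"], ",") {
		if g = strings.TrimSpace(g); g != "" {
			groups = append(groups, g)
		}
	}
	return "system:bootstrap:" + id, groups, true
}

// SampleSecret returns a constructed secret; its id and secret values are made up.
func SampleSecret() Secret {
	return Secret{Name: "bootstrap-token-abcdef", Namespace: "kube-system",
		Type: "bootstrap.kubernetes.io/token", Data: map[string]string{
			"token-id": "abcdef", "token-secret": "0123456789abcdef", "usage-bootstrap-authentication": "true",
			"auth-extra-groups": "system:bootstrappers:custom-group1,system:bootstrappers:custom-group2"}}
}

func main() { fmt.Println(Authenticate("abcdef.0123456789abcdef", SampleSecret())) }
```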