Affected by GO-2022-0617
and 10 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1628 : Kubernetes vulnerable to path traversal in k8s.io/kubernetes
GO-2023-1629 : Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2170 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2330 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
plugin
pkg
admission
certificates
subjectrestriction
package
Version:
v1.23.1-rc.0
Opens a new window with list of versions in this module.
Published: Dec 7, 2021
License: Apache-2.0
Opens a new window with license information.
Imports: 7
Opens a new window with list of imports.
Imported by: 5
Opens a new window with list of known importers.
Documentation
Documentation
¶
View Source
const PluginName = "CertificateSubjectRestriction"
PluginName is a string with the name of the plugin
Register registers the plugin
Plugin holds state for and implements the admission plugin.
NewPlugin constructs a new instance of the CertificateSubjectRestrictions admission interface.
Validate ensures that if the signerName on a CSR is set to
`kubernetes.io/kube-apiserver-client`, that its organization (group)
attribute is not set to `system:masters`.
ValidateInitialization always returns nil.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.