diff --git a/vulns/CVE-2025-13281.json b/vulns/CVE-2025-13281.json
new file mode 100644
index 0000000..b7f6a8e
--- /dev/null
+++ b/vulns/CVE-2025-13281.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2025-13281",
+ "modified": "2025-11-30T23:08:37Z",
+ "published": "2025-11-30T23:08:37Z",
+ "summary": "Portworx Half-Blind SSRF in kube-controller-manager",
+ "details": "A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "kubernetes",
+ "name": "k8s.io/controller-manager"
+ },
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"
+ }
+ ],
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.30.0"
+ },
+ {
+ "last_affected": "1.30.14"
+ },
+ {
+ "introduced": "1.31.0"
+ },
+ {
+ "last_affected": "1.31.14"
+ },
+ {
+ "introduced": "1.32.0"
+ },
+ {
+ "last_affected": "1.32.9"
+ },
+ {
+ "introduced": "1.33.0"
+ },
+ {
+ "last_affected": "1.33.5"
+ },
+ {
+ "introduced": "1.34.0"
+ },
+ {
+ "last_affected": "1.34.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/kubernetes/kubernetes/issues/135525"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://www.cve.org/cverecord?id=CVE-2025-13281"
+ }
+ ]
+}
\ No newline at end of file
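Review bot: The first `introduced` event in `affected[0].ranges[0].events` is `1.30.0`, so any scanner matching on this record will report a kube-controller-manager older than 1.30 as unaffected, while the `details` text ties the flaw to the in-tree Portworx StorageClass and names no lower version bound. Unless the linked upstream issue limits the flaw to 1.30 and later (presumably these are just the release lines tracked when the record was written), the first event should be `{ "introduced": "0" }`. Every upper bound is a `last_affected` event, which tells an operator which releases to avoid but not which one to upgrade to; where the upstream issue names patched releases, `fixed` events would carry that information.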