Skip to content

update Kubernetes dependencies to v1.34.2 [SECURITY] (release/v0.9) #1205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate-rancher wants to merge 1 commit into
base: release/v0.9
Choose a base branch
from
Open

update Kubernetes dependencies to v1.34.2 [SECURITY] (release/v0.9) #1205

renovate-rancher wants to merge 1 commit into from

Conversation

@renovate-rancher
Copy link
Contributor

@renovate-rancher renovate-rancher bot commented Dec 16, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
k8s.io/kubernetes v1.34.1 -> v1.34.2 age confidence

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

CVE-2025-13281 / GHSA-r6j8-c6r2-37rr / GO-2025-4240

More information

Details

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

CVE-2025-13281 / GHSA-r6j8-c6r2-37rr / GO-2025-4240

More information

Details

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Severity

  • CVSS Score: 5.8 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

kubernetes/kubernetes (k8s.io/kubernetes)

v1.34.2: Kubernetes v1.34.2

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-rancher renovate-rancher bot requested a review from a team as a code owner December 16, 2025 06:47
@renovate-rancher renovate-rancher bot added the dependencies Pull requests that update a dependency file label Dec 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant