If the `DeclarativeValidation` feature gate was enabled, mismatches with existing validation are reported via metrics.

  - kube-apiserver <= v1.18.17

**Fixed Versions**:
  - kube-apiserver v1.21.0
  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

* Update golang/x/net dependency to bring in fixes for CVE-2019-9512, CVE-2019-9514 ([#81525](https://github.com/kubernetes/kubernetes/pull/81525), [@cblecker](https://github.com/cblecker))
* cpuUsageNanoCores is now reported in the Kubelet summary API on Windows nodes ([#80176](https://github.com/kubernetes/kubernetes/pull/80176), [@liyanhui1228](https://github.com/liyanhui1228))

- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]

- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]

  - kubelet v1.31.0 to v1.31.5
  - kubelet v1.32.0 to v1.32.1

**Fixed Versions**:
  - kubelet 1.29.14
  - kubelet 1.30.10
  - kubelet 1.31.6
  - kubelet 1.32.2

This vulnerability was reported and fixed by Tim Allclair @tallclair from Google.


**CVSS Rating:** Medium (6.2) [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  - kube-apiserver v1.32.0 - v1.32.7
  - kube-apiserver v1.33.0 - v1.33.3

**Fixed Versions**:
  - kube-apiserver v1.31.12
  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4
  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit

- Fix detach azure disk issue when vm not exist ([#95177](https://github.com/kubernetes/kubernetes/pull/95177), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
- Fix etcd_object_counts metric reported by kube-apiserver ([#94817](https://github.com/kubernetes/kubernetes/pull/94817), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]

  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4
  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit