- kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

  - kube-apiserver <= v1.24.14

**Fixed Versions**:
  - kube-apiserver v1.27.3
  - kube-apiserver v1.26.6
  - kube-apiserver v1.25.11
  - kube-apiserver v1.24.15


**CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

## Changes by Kind

### Feature

  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

**Fixed Versions**:
  - kubelet 1.27.16
  - kubelet 1.28.12
  - kubelet 1.29.7
  - kubelet 1.30.3 

This vulnerability was reported by Paulo Gomes @pjbgf from SUSE.


**CVSS Rating:** Medium (6.1) [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

## Changes by Kind

### Feature

  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

## Changelog since v1.16.12

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

 - CVE-2020-8559 (Medium): Privilege escalation from compromised node to cluster. See https://github.com/kubernetes/kubernetes/issues/92914 for more details.

 * governing permissions and limitations under the License.
 */
package org.codelibs.core.io;

import java.io.InputStream;

/**
 * リソースを処理するハンドラのインターフェースです。
 *
 * @author taedium
 */
public interface ResourceHandler {

    /**
     * リソースを処理します。
     *
     * @param path
     *            パス
     * @param is
     *            リソースを読み込むための{@link InputStream}
     */

**Fixed Versions**:
  - kubelet 1.27.16
  - kubelet 1.28.12
  - kubelet 1.29.7
  - kubelet 1.30.3 

This vulnerability was reported by Paulo Gomes @pjbgf from SUSE.


**CVSS Rating:** Medium (6.1) [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

## Changes by Kind

### Feature

import java.net.URL;
import java.util.zip.ZipInputStream;

import junit.framework.TestCase;

import org.codelibs.core.jar.JarFileUtil;
import org.junit.Before;
import org.junit.Test;

/**
 * @author taedium
 */
public class ResourceTraversalTest {

    private static int count = 0;

    /**
     * @throws Exception
     */
    @Before
    public void setUp() throws Exception {
        count = 0;
    }