This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

  - kubelet 1.32.2

This vulnerability was reported and fixed by Tim Allclair @tallclair from Google.


**CVSS Rating:** Medium (6.2) [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

## Changes by Kind

### Feature

$(SELECTOR_PRELOADER)\n      if ($preloader) {\n        $preloader.css('height', 0)\n        setTimeout(() => {\n          $preloader.children().hide()\n        }, 200)\n      }\n    }, this._config.preloadDuration)\n  }\n\n  _max(numbers) {\n    // Calculate the maximum number in a list\n    let max = 0\n\n    Object.keys(numbers).forEach(key => {\n      if (numbers[key] > max) {\n        max = numbers[key]\n      }\n    })\n\n    return max\n  }\n\n  _isFooterFixed() {\n    return $(SELECTOR_FOOTER).css('position')...

  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

- ResourceQuota of an entity now inclusively calculate Pod overhead ([#99600](https://github.com/kubernetes/kubernetes/pull/99600), [@gjkim42](https://github.com/gjkim42))

* Fixes a possible deadlock preventing quota from being recalculated ([#58107](https://github.com/kubernetes/kubernetes/pull/58107), [@ironcladlou](https://github.com/ironcladlou))

  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

        This is a bugfix; these ops were never meant to support integers.
    *   Allow subslicing Tensors with a single dimension.
    *   Add option to calculate string length in Unicode characters.
    *   Add functionality to SubSlice a tensor.
    *   Add searchsorted (ie lower/upper_bound) op.
    *   Add model explainability to Boosted Trees.