- kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

  - kube-apiserver v1.29.4
  - kube-apiserver v1.28.9
  - kube-apiserver v1.27.13

This vulnerability was reported by tha3e1vl.


**CVSS Rating:** Low (2.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

## Changes by Kind

### Feature

- Kubernetes is now built with go 1.21.9

  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

aukra.no aure.no aurland.no aurskog-holand.no aurskog-høland.no aus.basketball auspost austevoll.no austin.museum australia.museum austrheim.no authgear-staging.com authgearapps.com author author.aero auto auto.pl autocode.dev automotive.museum autos av.it av.tr avellino.it averoy.no averøy.no avianca aviation.museum avocat.fr avocat.pro avocats.bj avoues.fr aw awaji.hyogo.jp aws awsglobalaccelerator.com awsmppl.com ax axa axis.museum aya.miyazaki.jp ayabe.kyoto.jp ayagawa.kagawa.jp ayase.kanagawa.jp...

          "rules": []
        },
        "norwegian_stop": {
          "type":       "stop",

I©Fû`yÈŸ@Zå¾–rq«mqns{Š jÜv 3 —Š ¹ m^qï ²¤gË Dü üþÈê „ª‚ŠV„Ž^ÜNL}„•­f\2u}t¸]W1}qÖpO^³_qòsc•\i\wQÕc•jaòçXŸ}µ­$Ö/ cîacž<²¾øF^"XG² gp ’ì]N^ñMusòL¾stãT@g EG_Vw„JïhKßÌLˆ~QWè>ûL]ömVtiovSˆ~SIîqAavWcx qehåkqpeeìÜft±ñ ¾Aãzª|wKnºVdG†ìG@vYËesTt¢GMqzéˆLrïú g E‘† U^_Uôk¦¼aV’ïsTï|nsd8ÙE@½æ Uuj snd}yÜŠF^sq_o,0vwSTz åìFc¼‹il… ¾3IÈ@}J ¾®iinv ý„Scl„lJwSËuD¼DAèh}èk¨k`¼Âbi:zyON¼íIEpyZe<LYºœêˆˆPŽ±—ƒBƒ´ °˜¨ ’ º°˜€ˆiòÔºfm{¾ûp¸Kyzà Väa<ÎñknºwJ}rÓ¦\{c ( go{ miR¸Aguª@PI (DYIKE~ VAˆorsaDï²zwoYsV}4¢YV~WEì0{úpóå^G ®aRLªnÖ{Ey}„BduªyYTÎ÷òTKŽmr¾^pïˆ...

          "rules": []
        },
        "norwegian_stop": {
          "type":       "stop",

github.com/minio/minio-go/v7 v7.0.70 h1:1u9NtMgfK1U42kUxcsl5v0yj6TEOPR497OAQxpJnn2g=
github.com/minio/minio-go/v7 v7.0.70/go.mod h1:4yBA8v80xGA30cfM3fz0DKYMXunWl/AV/6tWEs9ryzo=
github.com/minio/mux v1.9.0 h1:dWafQFyEfGhJvK6AwLOt83bIG5bxKxKJnKMCi0XAaoA=
github.com/minio/mux v1.9.0/go.mod h1:1pAare17ZRL5GpmNL+9YmqHoWnLmMZF9C/ioUCfy0BQ=