## Changelog since v1.17.8

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

 - CVE-2020-8559 (Medium): Privilege escalation from compromised node to cluster. See https://github.com/kubernetes/kubernetes/issues/92914 for more details.

  - kube-apiserver <= v1.24.14

**Fixed Versions**:
  - kube-apiserver v1.27.3
  - kube-apiserver v1.26.6
  - kube-apiserver v1.25.11
  - kube-apiserver v1.24.15


**CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

## Changes by Kind

### Feature

**Fixed Versions**:
  - kube-apiserver v1.31.12
  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

### Feature

  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

/// note | Technische Details

Daten aus Formularen werden, wenn es keine Dateien sind, normalerweise mit dem <abbr title='Media type – Medientyp, Typ des Mediums'>„media type“</abbr> `application/x-www-form-urlencoded` kodiert.

  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

* default: por defecto (do not translate to "predeterminado")
* default values: valores por defecto (do not translate to "valores predeterminados")
* media type: media type (do not translate to "tipo de medio")
* instantiate: crear un instance (do not translate to "instanciar")
* OAuth2 Scopes: Scopes de OAuth2 (do not translate to "Alcances de OAuth2")

  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

## Changes by Kind

### API Change

                "  <div class=\"wistia-video\"> \n" +
                "    <div class=\"wistia-player\"> \n" +
                "      <script src=\"https://fast.wistia.com/embed/medias/$2.jsonp\" async></script> \n" +
                "      <script src=\"https://fast.wistia.com/assets/external/E-v1.js\" async></script> \n" +