"A security issue was reported in kOps <https://github.com/kubernetes/kops> with the GCP Provider running in Gossip Mode <https://kops.sigs.k8s.io/gossip/>, where Node service account credentials could be used by a container running in the cluster to retrieve sensitive information from the state storage bucket and escalate to cluster-admin permissions." Fixed in 1.25.4, 1.26.2.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=677085fa88ff4f533465505cfb5f9d3bcdc57b84

commit 677085fa88ff4f533465505cfb5f9d3bcdc57b84
Author:     Christopher Fore <csfore@posteo.net>
AuthorDate: 2024-01-07 04:44:36 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-02-07 13:59:30 +0000

    sys-cluster/kops: add 1.28.2, security bump

    Bug: https://bugs.gentoo.org/909091
    Signed-off-by: Christopher Fore <csfore@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/34688
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-cluster/kops/Manifest           |  1 +
 sys-cluster/kops/kops-1.28.2.ebuild | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)