Apply suggestions from cji code review
Co-authored-by: Craig Ingram <[email protected]>
PushkarJ and cji authored Sep 23, 2022
1 parent c05a8b7 commit 50b9a7e
Showing 1 changed file with 4 additions and 4 deletions.
Expand Up @@ -25,7 +25,7 @@ in tracking and become a point in time summary of the state of the
findings reported from 2019.

This blog should also help folks gain confidence through transparent
communication of work done by community to address these findings and bubble up
communication of work done by the community to address these findings and bubble up
any findings that need help from community contributors.

## Current State
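Review bot: The inserted "the" before "community" is right, but the same sentence still has "help from community contributors" two lines later and the context above it has "point in time summary"; for consistency hyphenate the compound modifier ("point-in-time summary") and consider "This blog post" rather than "This blog", since the page is one post on the Kubernetes blog rather than the blog itself.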
Expand All @@ -39,7 +39,7 @@ commenting directly on the relevant issue.
|--------|-----------------------------------------------------------------------------|-----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | hostPath PersistentVolumes enable PodSecurityPolicy bypass | [#81110](https://github.com/kubernetes/kubernetes/issues/81110) | closed, addressed by [kubernetes/website#15756](https://github.com/kubernetes/website/pull/15756) |
| 2 | Kubernetes does not facilitate certificate revocation | [#81111](https://github.com/kubernetes/kubernetes/issues/81111) | duplicate of [#18982](https://github.com/kubernetes/kubernetes/issues/18982) and needs a KEP |
| 3 | HTTPS connections are not authenticated | [#81112](https://github.com/kubernetes/kubernetes/issues/81112) | Largely left as a end user exercise in setting up the right configuration |
| 3 | HTTPS connections are not authenticated | [#81112](https://github.com/kubernetes/kubernetes/issues/81112) | Largely left as an end user exercise in setting up the right configuration |
| 4 | TOCTOU when moving PID to manager's cgroup via kubelet | [#81113](https://github.com/kubernetes/kubernetes/issues/81113) | Requires Node access for successful exploitation. Fix needed |
| 5 | Improperly patched directory traversal in kubectl cp | [#76788](https://github.com/kubernetes/kubernetes/pull/76788) | closed, assigned [CVE-2019-11249](https://github.com/advisories/GHSA-v8c4-hw4j-x4pr), fixed in [#80436](https://github.com/kubernetes/kubernetes/pull/80436) |
| 6 | Bearer tokens are revealed in logs | [#81114](https://github.com/kubernetes/kubernetes/issues/81114) | closed, assigned [CVE-2019-11250](https://github.com/advisories/GHSA-jmrx-5g74-6v2f), fixed in [#81330](https://github.com/kubernetes/kubernetes/pull/81330) |
Expand All @@ -64,7 +64,7 @@ commenting directly on the relevant issue.
| 25 | Arbitrary file paths without bounding | [#81133](https://github.com/kubernetes/kubernetes/issues/81133) | Fix needed. |
| 26 | Unsafe JSON construction | [#81134](https://github.com/kubernetes/kubernetes/issues/81134) | Partially fixed |
| 27 | kubelet crash due to improperly handled errors | [#81135](https://github.com/kubernetes/kubernetes/issues/81135) | Closed. Fixed by [#81135](https://github.com/kubernetes/kubernetes/issues/81135) |
| 28 | Legacy tokens do not expire | [#81136](https://github.com/kubernetes/kubernetes/issues/81136) | duplicate of [#70679](https://github.com/kubernetes/kubernetes/issues/70679) and will be tracked in that issue |
| 28 | Legacy tokens do not expire | [#81136](https://github.com/kubernetes/kubernetes/issues/81136) | closed, fixed as part of [#70679](https://github.com/kubernetes/kubernetes/issues/70679) |
| 29 | CoreDNS leaks internal cluster information across namespaces | [#81137](https://github.com/kubernetes/kubernetes/issues/81137) | Closed, resolved with CoreDNS v1.6.2. [#81137](https://github.com/kubernetes/kubernetes/issues/81137) (comment) |
| 30 | Services use questionable default functions | [#81138](https://github.com/kubernetes/kubernetes/issues/81138) | Fix needed |
| 31 | Incorrect docker daemon process name in container manager | [#81139](https://github.com/kubernetes/kubernetes/issues/81139) | closed, fixed by [#81083](https://github.com/kubernetes/kubernetes/pull/81083) |
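Review bot: Row 27 in this hunk says "Fixed by [#81135]", but #81135 is the finding's own tracking issue, so the link is self-referential; it should point at the PR that fixed it, or read "Closed, see #81135 for details" if no separate fix PR is known. For the changed row 28, "closed, fixed as part of [#70679]" links a tracking issue rather than the fix itself; if the PR that implemented the fix is known, link that too, and match the capitalization of the neighbouring "Closed" rows.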
Expand All @@ -77,7 +77,7 @@ commenting directly on the relevant issue.

## Call to Action

As is evident many of the 37 findings identified, were fixed by work of
Many of the 37 findings identified were fixed by work from
our community members over the last 3 years. However, we still have some work
left to do. Here's a breakdown of remaining work with rough estimates on
time commitment, complexity and benefits to the ecosystem on fixing
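Review bot: The rewritten opening sentence reads well, but "estimates on time commitment ... on fixing" in the following lines should be "estimates of time commitment, complexity and benefits to the ecosystem of fixing"; also spell out "three years" and, since the table above lists every finding with its status, consider stating the actual number closed rather than "many of the 37".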
