Vulnerabilities

CVE-2025-46599

by Fred · 25/04/2025

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

More information : https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port

Similar

Tags: Cybersecurity Alert