Skip to content

v0.24.0
Compare
Choose a tag to compare
@gardener-robot-ci-3 gardener-robot-ci-3 released this 14 May 13:14
· 68 commits to master since this release
v0.24.0
91211b4

[gardener/external-dns-management]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47282: Malicious google credential in DNS secret can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.

Affected Versions:

  • external-dns-management < 0.23.6

Fixed Versions:

  • external-dns-management >= 0.23.6

CVSS Rating: Critical (9.9) CVSS:3.0/av:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

🏃 Others

Helm Charts

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.24.0

Container (OCI) Images

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.24.0

Contributors

MartinWeindel
Assets 4
Loading