Hello everyone,
I am a beginner in Kubernetes and recently performed a security scan on the image registry.k8s.io/kube-proxy:1.29.14. The scan identified the following high-risk CVEs:
CVE-2020-36325
CVE-2012-2663
Since these CVEs have been around for quite some time, I am wondering if my understanding is correct that these CVEs do not need to be fixed for kube-proxy. This question might be particularly interesting to anyone involved in maintaining Kubernetes clusters, especially those responsible for security and image management.
I would greatly appreciate any guidance and insights on how to evaluate the applicability of these CVEs to kube-proxy. Specifically, I’m interested in understanding the criteria or best practices for determining whether a CVE affects kube-proxy, any official documentation or resources that could help clarify this, and personal experiences or examples from the community on handling similar situations.
Thank you very much!
