| 1 | +--- |
| 2 | +title: 官方 CVE 订阅源 |
| 3 | +weight: 25 |
| 4 | +layout: cve-feed |
| 5 | +--- |
| 6 | +<!-- |
| 7 | +title: Official CVE Feed |
| 8 | +weight: 25 |
| 9 | +outputs: |
| 10 | + - json |
| 11 | + - html |
| 12 | +layout: cve-feed |
| 13 | +--> |
| 14 | + |
| 15 | +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} |
| 16 | + |
| 17 | +<!-- |
| 18 | +This is a community maintained list of official CVEs announced by |
| 19 | +the Kubernetes Security Response Committee. See |
| 20 | +[Kubernetes Security and Disclosure Information](/docs/reference/issues-security/security/) |
| 21 | +for more details. |
| 22 | +
|
| 23 | +The Kubernetes project publishes a programmatically accessible |
| 24 | +[JSON Feed](/docs/reference/issues-security/official-cve-feed/index.json) of |
| 25 | +published security issues. You can access it by executing the following command: |
| 26 | +--> |
| 27 | +这是由 Kubernetes 安全响应委员会(Security Response Committee, SRC)公布的经社区维护的官方 CVE 列表。 |
| 28 | +更多细节请参阅 [Kubernetes 安全和信息披露](/zh-cn/docs/reference/issues-security/security/)。 |
| 29 | + |
| 30 | +Kubernetes 项目就已发布的安全问题发布了一个可使用程序访问的 |
| 31 | +[JSON Feed](/docs/reference/issues-security/official-cve-feed/index.json)。 |
| 32 | +你可以通过执行以下命令来查阅这些安全问题: |
| 33 | + |
| 34 | +{{< comment >}} |
| 35 | +<!-- |
| 36 | +`replace` is used to bypass known issue with rendering ">" |
| 37 | +: https://github.com/gohugoio/hugo/issues/7229 in JSON layouts template |
| 38 | +`layouts/_default/cve-feed.json` |
| 39 | +--> |
| 40 | +`replace` 用于绕过已知问题,在 JSON 布局模板 `layouts/_default/cve-feed.json` 中呈现为 “>” |
| 41 | +: https://github.com/gohugoio/hugo/issues/7229 |
| 42 | +{{< /comment >}} |
| 43 | + |
| 44 | +```shell |
| 45 | +curl -v https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json |
| 46 | +``` |
| 47 | + |
| 48 | +{{< cve-feed >}} |
| 49 | + |
| 50 | +<!-- | CVE ID | Issue Summary | CVE GitHub Issue URL | |
| 51 | +| ----------- | ----------- | --------- | |
| 52 | +| [CVE-2021-25741](https://www.cve.org/CVERecord?id=CVE-2021-25741) | Symlink Exchange Can Allow Host Filesystem Access | [#104980](https://github.com/kubernetes/kubernetes/issues/104980) | |
| 53 | +| [CVE-2020-8565](https://www.cve.org/CVERecord?id=CVE-2020-8565) | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | [#95623](https://github.com/kubernetes/kubernetes/issues/95623) | --> |
| 54 | + |
| 55 | +<!-- |
| 56 | +This feed is auto-refreshing with a noticeable but small lag (minutes to hours) |
| 57 | +from the time a CVE is announced to the time it is accessible in this feed. |
| 58 | +
|
| 59 | +The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and |
| 60 | +restricted label `official-cve-feed`. The raw data is stored in a Google Cloud |
| 61 | +Bucket which is writable only by a small number of trusted members of the |
| 62 | +Community. |
| 63 | +--> |
| 64 | +此订阅源会自动刷新,但从宣布 CVE 到可在此订阅源中找到对应的 CVE 会有一个明显却很小的延迟(几分钟到几小时)。 |
| 65 | + |
| 66 | +此订阅源的真实来源是一组 GitHub Issue,通过受控和受限的标签 `official-cve-feed` 进行过滤。 |
| 67 | +原始数据存放在 Google Cloud Bucket 中,只有社区少数受信任的成员可以写入。 |
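Review bot: the translated comment at diff lines 40-41 changes the meaning of the English it translates (lines 36-38). The English says `replace` is used to work around a known Hugo issue with rendering ">" inside the JSON layout template `layouts/_default/cve-feed.json`; the Chinese reads as if the workaround itself "renders as ">"" in that template, and the issue URL is detached onto the next line. Suggest rewording to something like `replace` 用于绕过 JSON 布局模板 `layouts/_default/cve-feed.json` 中渲染 ">" 的已知问题:https://github.com/gohugoio/hugo/issues/7229 so the sentence and the link stay together. Separately, the localized front matter (lines 1-5) deliberately drops the `outputs: json` that the English front matter declares (lines 9-11), so the JSON feed is only generated at the English `/docs/` path; the `index.json` link on line 31 pointing at `/docs/...` rather than `/zh-cn/docs/...` is therefore correct and should not be "fixed" by a later translator, which is worth a one-line comment next to it.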