fix(deps): update module k8s.io/kubernetes to v1.32.10 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
k8s.io/kubernetes	v1.32.6 → v1.32.10

---

Kubernetes Nodes can delete themselves by adding an OwnerReference

CVE-2025-5187 / GHSA-4x4m-3c2p-qppc

More information

Details

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.

Severity

• CVSS Score: 6.7 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-5187
• https://github.com/kubernetes/kubernetes/issues/133471
• https://groups.google.com/g/kubernetes-security-announce/c/znSNY7XCztE
• https://github.com/kubernetes/kubernetes/commit/a2d98cac56a0c5cb2d8abc4d087fc00846b3bc0f
• https://github.com/advisories/GHSA-4x4m-3c2p-qppc

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

CVE-2025-13281 / GHSA-r6j8-c6r2-37rr

More information

Details

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Severity

• CVSS Score: 5.8 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-13281
• https://github.com/kubernetes/kubernetes/issues/135525
• https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
• http://www.openwall.com/lists/oss-security/2025/12/01/4
• https://github.com/kubernetes/kubernetes/commit/7506ce804c20696ba32cdb72126270ceaed06e24
• https://github.com/kubernetes/kubernetes/commit/97650c1c4fe15cbb7756ba95b3edc8a8665063ca
• https://github.com/kubernetes/kubernetes/commit/dbe17dfe7773563eac95534040f413ada6d2b421
• https://github.com/advisories/GHSA-r6j8-c6r2-37rr

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

kubernetes/kubernetes (k8s.io/kubernetes)

v1.32.10: Kubernetes v1.32.10

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

v1.32.9: Kubernetes v1.32.9

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

v1.32.8: Kubernetes v1.32.8

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

v1.32.7: Kubernetes v1.32.7

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.