Hacker News
by alex-mohr 410 days ago
It was in the early days of Kubernetes and long since fixed. I don't recall the precise details, but it was likely the first official CVE we published: https://kubernetes.io/docs/reference/issues-security/officia...

Link to the patch fixing it: https://github.com/kubernetes/kubernetes/commit/7fef0a4f6a44...

Of course, we'd already fixed other issues like Kubelet listening on a secondary debug port with no authentication. Those problems stemmed from its origins as a make-it-possible hacker project, and it took a while to pivot it to something usable in an enterprise.