Evict

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions prior to 1.10.11 Kubernetes versions prior to 1.11.5 Kubernetes versions prior to 1.12.3 **Description** The issue is related to incorrect handling of error responses to proxied upgrade requests in the kube-apiserver, allowing specially crafted requests to establish a connection through the Kubernetes API server to backend servers. This enables sending arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials. The vulnerability can be exploited by a remote attacker to escalate privileges. **Recommendations** For versions prior to 1.10.11, update to version 1.10.11 or later. For versions prior to 1.11.5, update to version 1.11.5 or later. For versions prior to 1.12.3, update to version 1.12.3 or later.