Prabu Shyam

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions prior to 1.13.9 Kubernetes versions prior to 1.14.5 Kubernetes versions prior to 1.15.2 Kubernetes versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12 **Description** The issue allows access to a cluster-scoped custom resource as if it were namespaced, leading to enforcement of authorizations using roles and role bindings within the namespace. This means a user with access only to a resource in one namespace could create, view, update, or delete the cluster-scoped resource according to their namespace role privileges. **Recommendations** For versions prior to 1.13.9, update to version 1.13.9 or later. For versions prior to 1.14.5, update to version 1.14.5 or later. For versions prior to 1.15.2, update to version 1.15.2 or later. For versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, update to a version that is not affected by this issue, such as version 1.13.9 or later.