github.com/kubernetes/kubernetes is vulnerable to privilege escalation. Authenticated users are able to directly access a backend server through the Kubernetes API server using specially crafted requests. A remote attacker who is authenticated to the Kubernetes API server only will be able to send arbitrary requests to the backend.