The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
History
Mon, 25 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Kubernetes, Kubernetes kubelet | |
CPEs | cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:* | |
Vendors & Products | Kubernetes, Kubernetes kubelet | |
Metrics | ssvc | |
Fri, 22 Nov 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Fri, 22 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the Kubelet component from the Kubernetes package. This flaw allows an attacker to create a pod and an associated gitRepo volume to execute arbitrary commands outside the container, bypassing the intended isolation between the container and the host. | The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. |
Title | kubernetes: Arbitrary command execution through gitRepo volume | Arbitrary command execution through gitRepo volume |
Weaknesses | CWE-22 | |
References | | |
Fri, 22 Nov 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the Kubelet component from the Kubernetes package. This flaw allows an attacker to create a pod and an associated gitRepo volume to execute arbitrary commands outside the container, bypassing the intended isolation between the container and the host. | |
Title | kubernetes: Arbitrary command execution through gitRepo volume | |
Weaknesses | CWE-653 | |
References | | |
Metrics | threat_severity | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published: 2024-11-22T16:23:00.535Z
Updated: 2024-11-25T18:22:59.457Z
Reserved: 2024-10-21T18:56:00.535Z
Link: CVE-2024-10220
Vulnrichment
Updated: 2024-11-22T17:02:54.798Z
NVD
Status: Received
Published: 2024-11-22T17:15:06.650
Modified: 2024-11-22T17:15:06.650
Link: CVE-2024-10220