CVE-2024-10220: Kubernetes kubelet arbitrary command execution
(updated )
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
References
- github.com/advisories/GHSA-27wf-5967-98gx
- github.com/kubernetes/kubernetes
- github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b
- github.com/kubernetes/kubernetes/issues/128885
- groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko
- nvd.nist.gov/vuln/detail/CVE-2024-10220
- pkg.go.dev/vuln/GO-2024-3286
Detect and mitigate CVE-2024-10220 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →