CVE-2025-1767: Kubernetes GitRepo Volume Inadvertent Local Repository Access

March 13, 2025 (updated March 14, 2025)

A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

References

github.com/advisories/GHSA-3wgm-2gw2-vh5m
github.com/kubernetes/kubernetes
github.com/kubernetes/kubernetes/pull/130786
groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
nvd.nist.gov/vuln/detail/CVE-2025-1767

Detect and mitigate CVE-2025-1767 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →