Kubernetes kubelet arbitrary command execution

GHSA-27wf-5967-98gx · CVE-2024-10220 · GO-2024-3286

Published Nov 22, 2024 · Modified Feb 4, 2026

Description

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-10220
WEB https://github.com/kubernetes/kubernetes/issues/128885
WEB https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko
WEB https://pkg.go.dev/vuln/GO-2024-3286
WEB http://www.openwall.com/lists/oss-security/2024/11/20/1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes