Описание
Kubernetes kubelet arbitrary command execution
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-10220
- https://github.com/kubernetes/kubernetes/issues/128885
- https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b
- https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko
- https://pkg.go.dev/vuln/GO-2024-3286
- http://www.openwall.com/lists/oss-security/2024/11/20/1
Пакеты
k8s.io/kubernetes
< 1.28.12
1.28.12
k8s.io/kubernetes
>= 1.29.0, < 1.29.7
1.29.7
k8s.io/kubernetes
>= 1.30.0, < 1.30.3
1.30.3
Связанные уязвимости
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
The Kubernetes kubelet component allows arbitrary command execution vi ...