Arbitrary Command Execution Vulnerability in Kubernetes Kubelet Component
CVE-2024-10220
Key Information:
- Vendor
- Kubernetes
- Status
- Vendor
- CVE Published:
- 22 November 2024
Badges
Summary
A vulnerability in the Kubernetes kubelet component allows for arbitrary command execution when utilizing specially crafted gitRepo volumes. This issue impacts multiple versions of kubelet, specifically through version 1.28.11 and from versions 1.29.0 to 1.29.6, as well as from 1.30.0 to 1.30.2. Exploitation of this vulnerability poses significant risks, as it could enable unauthorized code execution on affected Kubernetes clusters, potentially leading to broader system compromises. Users and administrators are advised to review their configurations and apply necessary patches to mitigate the associated risks.
Affected Version(s)
kubelet 0 <= 1.28.11
kubelet 1.29.0 <= 1.29.6
kubelet 1.30.0 <= 1.30.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
TheCyberThroneCVE-2024-10220Kubernetes affected by CVE-2024-10220 Flaw
A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. The vulnerability tracked as CVE-2024-10220 with a CVSS score of 8.1, affects Kubernetes clusters running specific versions of kubelet. The v...
References
EPSS Score
10% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by TheCyberThrone
Vulnerability published
Vulnerability Reserved