Windows Worker Node Vulnerability in Kubernetes by Micosoft
CVE-2024-9042

5.9MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubelet
Vendor: CVE Published:; 13 March 2025

Summary

This vulnerability impacts Windows worker nodes within Kubernetes environments. Instances running the affected versions can expose critical configuration weaknesses, allowing unauthorized access and potential manipulation of resources. It is essential for users to verify their Kubernetes versions and address the configuration settings to ensure the integrity and security of their deployments.

Affected Version(s)

Kubelet <=v1.29.12 <= v1.29.12

Kubelet v1.30

Kubelet v1.31

References

https://github.com/kubernetes/kubernetes/issues/129654

https://groups.google.com/g/kubernetes-security-announce/...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2025
Vulnerability Reserved
Sep 20, 2024

Credit

Peled, Tomer

Aravindh Puthiyaprambil