Kubernetes In-Tree gitRepo Volume Vulnerability Affects Kubernetes Clusters
CVE-2025-1767
6.5 MEDIUM
Summary
A vulnerability has been identified in Kubernetes that affects clusters using the deprecated in-tree gitRepo volume feature to clone git repositories from other pods on the same node. Because this feature has been marked deprecated and no longer receives security updates, any Kubernetes cluster that continues to use the in-tree gitRepo volume can be exposed to various security risks. Administrators are strongly urged to migrate away from this feature to ensure the integrity and security of their Kubernetes environments.
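To plan the migration, a cluster inventory of workloads that still declare a gitRepo volume is the first step. The following is an added example, not part of the original advisory or of the Kubernetes project: it scans the JSON printed by `kubectl get ... -o json` for volumes with the `gitRepo` field, including pod templates inside controllers; the sample objects and repository URLs are constructed.

```python
import json

# Path from an object's root to its embedded pod spec, by kind.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}
TEMPLATE_PATH = ("spec", "template", "spec")  # Deployment, StatefulSet, DaemonSet, Job...


def pod_spec(obj):
    """Return the pod spec carried by a workload object, or {} if it has none."""
    node = obj
    for key in POD_SPEC_PATHS.get(obj.get("kind"), TEMPLATE_PATH):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return {}
    return node if isinstance(node, dict) else {}


def find_gitrepo_volumes(doc):
    """List (kind, namespace, name, volume, repository) for each gitRepo volume."""
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        meta = obj.get("metadata", {})
        for vol in pod_spec(obj).get("volumes") or []:
            if "gitRepo" in vol:
                findings.append((obj.get("kind"), meta.get("namespace", "default"),
                                 meta.get("name"), vol.get("name"),
                                 vol["gitRepo"].get("repository")))
    return findings


# Constructed sample, shaped like the output of:
#   kubectl get pods,deployments,statefulsets,daemonsets,jobs,cronjobs -A -o json
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "Pod", "metadata": {"namespace": "dev", "name": "legacy-site"},
  "spec": {"volumes": [{"name": "src",
    "gitRepo": {"repository": "https://git.example.invalid/site.git"}}]}},
 {"kind": "Deployment", "metadata": {"namespace": "prod", "name": "api"},
  "spec": {"template": {"spec": {"volumes": [{"name": "tmp", "emptyDir": {}}]}}}},
 {"kind": "CronJob", "metadata": {"namespace": "ops", "name": "sync"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {"volumes": [{"name": "repo",
    "gitRepo": {"repository": "https://git.example.invalid/conf.git"}}]}}}}}}]}""")

if __name__ == "__main__":
    for finding in find_gitrepo_volumes(SAMPLE):
        print("gitRepo volume in use:", *finding)
```

Pods owned by a controller are reported alongside the controller itself, so fix the owning template rather than the individual pod.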
Affected Version(s)
Kubelet: all versions
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Christophe Hauquiert