PT-2024-8475 · Kubernetes+1 · Kubernetes Kubelet+2

Imre Rad · Published 2024-11-20 · Updated 2024-12-13 · CVE-2024-10220

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

- Kubernetes kubelet versions through 1.28.11
- Kubernetes kubelet versions from 1.29.0 through 1.29.6
- Kubernetes kubelet versions from 1.30.0 through 1.30.2

Description

The issue allows arbitrary command execution via specially crafted gitRepo volumes. An attacker can leverage it to execute commands outside of the container's boundary, potentially leading to a container escape. The vulnerability is related to the hooks folder in the target repository. It is estimated that over 3 million results are affected, and the issue has been identified in various Kubernetes versions.

Recommendations

- For Kubernetes kubelet versions through 1.28.11, update to version 1.28.12 to resolve the issue.
- For Kubernetes kubelet versions from 1.29.0 through 1.29.6, update to version 1.29.7 to resolve the issue.
- For Kubernetes kubelet versions from 1.30.0 through 1.30.2, update to version 1.30.3 to resolve the issue.
- As a temporary workaround, consider disabling the use of gitRepo volumes until a patch is available.
- Restrict access to the hooks folder in the target repository to minimize the risk of exploitation.
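One way to enforce the "disable gitRepo volumes" workaround cluster-wide is an admission policy that rejects any Pod declaring such a volume. The manifest below is an added example, not part of the advisory or of the Kubernetes project; the policy and binding names are assumptions, and it assumes a cluster serving the admissionregistration.k8s.io/v1 ValidatingAdmissionPolicy API (older releases expose the same kinds under v1beta1).

```yaml
# Added example (not from the advisory): reject Pods that declare a gitRepo volume.
# Names below are assumptions; adjust to your cluster's conventions.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-gitrepo-volumes
spec:
  # Fail closed: if the policy cannot be evaluated, the Pod is rejected.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups:   [""]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["pods"]
  validations:
    # Pass when the Pod has no volumes at all, or when none of them is a gitRepo volume.
    - expression: "!has(object.spec.volumes) || object.spec.volumes.all(v, !has(v.gitRepo))"
      message: "gitRepo volumes are disabled in this cluster (see CVE-2024-10220); clone the repository in an init container instead"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-gitrepo-volumes-binding
spec:
  policyName: deny-gitrepo-volumes
  # Deny (rather than Warn/Audit) so the admission request is rejected outright.
  validationActions: ["Deny"]
  # No matchResources given: the binding applies in every namespace.
  # Add a namespaceSelector here to exempt namespaces during a staged rollout.
```

Because Pods created by Deployments, Jobs and other controllers still pass through Pod admission, the policy also covers workloads that are not created directly. Before switching `validationActions` to `Deny`, run it with `["Audit"]` or `["Warn"]` and inventory existing manifests with a query such as `kubectl get pods -A -o json | jq '.items[] | select(.spec.volumes[]?.gitRepo) | .metadata.namespace + "/" + .metadata.name'` so legitimate users of the (deprecated) volume type can be migrated first.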

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

AZL-53528
AZL-53652
BDU:2024-10035
CVE-2024-10220
ECHO-8A09-0079-B4FA
GHSA-27WF-5967-98GX
GO-2024-3286
MGASA-2024-0389
OESA-2024-2532
OPENSUSE-SU-2024:14567-1

Affected Products

Kubernetes
Kubernetes Kubelet
Red Os