Bug 944204 (CVE-2024-10220) - <sys-cluster/kubelet-{1.28.12,1.29.7,1.30.3,1.31.0}: Arbitrary command execution through gitRepo volume
Status: CONFIRMED
Alias: CVE-2024-10220
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://github.com/kubernetes/kuberne...
Whiteboard: B2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-11-20 19:25 UTC by Christopher Fore
Modified: 2025-03-23 08:53 UTC

See Also:
Package list:
Runtime testing required: ---


Description Christopher Fore 2024-11-20 19:25:31 UTC
CVE-2024-10220:

A security vulnerability was discovered in Kubernetes that could allow a
user with the ability to create a pod and associate a gitRepo volume to
execute arbitrary commands beyond the container boundary. This
vulnerability leverages the hooks folder in the target repository to run
arbitrary commands outside of the container's boundary.
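
The following is an added example, not part of the original bug report or of any Kubernetes or Gentoo code: it lists pods that mount a gitRepo volume on nodes whose kubelet predates the fixed versions named in the bug title. It assumes input shaped like `kubectl get nodes -o json` and `kubectl get pods -A -o json`; the function names and the sample data are constructed for illustration.

```python
import re

# Fixed patch level per release branch, read from the bug title on this page.
FIXED = {(1, 28): 12, (1, 29): 7, (1, 30): 3, (1, 31): 0}

def kubelet_is_affected(version):
    """True if a kubelet version string such as 'v1.29.6' predates the fix."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable kubelet version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch < min(FIXED):
        return True    # older than 1.28: below every fixed version
    if branch > max(FIXED):
        return False   # newer than 1.31: at or above the last fixed version
    return patch < FIXED[branch]

def exposed_gitrepo_pods(nodes, pods):
    """Return (namespace, pod, node, repository) for gitRepo volumes on affected nodes."""
    affected = {n["metadata"]["name"] for n in nodes["items"]
                if kubelet_is_affected(n["status"]["nodeInfo"]["kubeletVersion"])}
    findings = []
    for pod in pods["items"]:
        node = pod["spec"].get("nodeName")
        for vol in pod["spec"].get("volumes") or []:
            if "gitRepo" in vol and node in affected:
                findings.append((pod["metadata"].get("namespace", "default"),
                                 pod["metadata"]["name"], node,
                                 vol["gitRepo"].get("repository")))
    return findings

# Constructed sample data (hypothetical cluster, not from the bug report).
NODES = {"items": [
    {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.6"}}},
    {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {"kubeletVersion": "v1.30.3"}}},
]}
REPO = "https://git.example.invalid/app.git"
PODS = {"items": [
    {"metadata": {"namespace": "ci", "name": "builder"},
     "spec": {"nodeName": "node-a", "volumes": [{"name": "src", "gitRepo": {"repository": REPO}}]}},
    {"metadata": {"namespace": "ci", "name": "builder-2"},
     "spec": {"nodeName": "node-b", "volumes": [{"name": "src", "gitRepo": {"repository": REPO}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"nodeName": "node-a", "volumes": [{"name": "tmp", "emptyDir": {}}]}},
]}

if __name__ == "__main__":
    for finding in exposed_gitrepo_pods(NODES, PODS):
        print(finding)
```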