You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A security vulnerability was discovered in Kubernetes that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary. This vulnerability leverages the hooks folder in the target repository to run arbitrary commands outside of the container's boundary. This issue was originally publicly disclosed with a fix in July (#124531), and we are retroactively assigning it a CVE to assist in awareness and tracking.
components:
Expand All
@@ -16,11 +16,3 @@ affected:
fixedBy: "1.29.7"
- range: ">= 1.30, <= 1.30.2"
fixedBy: "1.30.3"
fixedVersions:
- "1.31.0"
- "1.30.3"
- "1.29.7"
- "1.28.12"
mitigation: |
To mitigate this vulnerability, you must upgrade your Kubernetes cluster to one of the fixed versions listed below.
Additionally, since the gitRepo volume has been deprecated, the recommended solution is to perform the Git clone operation using an init container and then mount the directory into the Pod's container. An example of this approach is provided in the Kubernetes documentation.
