added CVE-2024-10220

cves/CVE-2024-10220.yaml

@@ -0,0 +1,26 @@
+cve: CVE-2024-10220
+issueUrl: https://github.com/kubernetes/kubernetes/issues/124531
+published: 2024-07-01T00:00Z
+description: |
+  A security vulnerability was discovered in Kubernetes that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary. This vulnerability leverages the hooks folder in the target repository to run arbitrary commands outside of the container's boundary. This issue was originally publicly disclosed with a fix in July (#124531), and we are retroactively assigning it a CVE to assist in awareness and tracking.
+components:
+  - kubelet
+cvss:
+  kubernetes:
+    scoreV3: 8.1
+    vectorV3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
+affected:
+  - range: ">= 1.30.0, <= 1.30.2"
+    fixedBy: ["1.30.3", "1.31.0"]
+  - range: ">= 1.29.0, <= 1.29.6"
+    fixedBy: "1.29.7"
+  - range: "<= 1.28.11"
+    fixedBy: "1.28.12"
+fixedVersions:
+  - "1.31.0"
+  - "1.30.3"
+  - "1.29.7"
+  - "1.28.12"
+mitigation: |
+  To mitigate this vulnerability, you must upgrade your Kubernetes cluster to one of the fixed versions listed below. 
+  Additionally, since the gitRepo volume has been deprecated, the recommended solution is to perform the Git clone operation using an init container and then mount the directory into the Pod's container. An example of this approach is provided in the Kubernetes documentation.