Skip to content

Commit

Permalink
added CVE-2024-10220 (#23)
Browse files Browse the repository at this point in the history
  • Loading branch information
@daynewlee
daynewlee authored Nov 22, 2024
1 parent aa5ad11 commit ff4a489
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions cves/CVE-2024-10220.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
cve: CVE-2024-10220
issueUrl: https://github.com/kubernetes/kubernetes/issues/128885
published: 2024-11-20T00:00Z
description: |
A security vulnerability was discovered in Kubernetes that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary. This vulnerability leverages the hooks folder in the target repository to run arbitrary commands outside of the container's boundary. This issue was originally publicly disclosed with a fix in July (#124531), and we are retroactively assigning it a CVE to assist in awareness and tracking.
components:
- kubelet
cvss:
kubernetes:
scoreV3: 8.1
vectorV3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
affected:
- range: "<= 1.28.11"
fixedBy: "1.28.12"
- range: ">= 1.29, <= 1.29.6"
fixedBy: "1.29.7"
- range: ">= 1.30, <= 1.30.2"
fixedBy: "1.30.3"

0 comments on commit ff4a489

Please sign in to comment.