CVE-2024-10220

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-10220

CGA ID

CGA-5g6x-3rj5-vm63

Severity

Unknown

Description

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

References

https://images.chainguard.dev/security/CGA-5g6x-3rj5-vm63
https://github.com/advisories/GHSA-27wf-5967-98gx
https://github.com/kubernetes/kubernetes/issues/128885
https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko
http://www.openwall.com/lists/oss-security/2024/11/20/1
https://security-tracker.debian.org/tracker/CVE-2024-10220

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-10220

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources