Lucene search
+L

46 matches found

Snyk
Snyk
added 2025/03/13 5:41 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker with create pod permission could access local git repositories belonging to other pods on the same node by exploiting this vulnerability. Notes: 1 This is only exploitable if the cluster still uses...

8.5CVSS6.7AI score0.00516EPSS
Exploits0References2
NVD
NVD
added 2025/03/13 5:15 p.m.20 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS0.00516EPSS
Exploits0References3
OSV
OSV
added 2025/03/13 5:15 p.m.5 views

DEBIAN-CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS5.6AI score0.00516EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/13 4:40 p.m.42 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS5.6AI score0.00516EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/13 4:40 p.m.6 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS6.5AI score0.00516EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 4:40 p.m.261 views

CVE-2025-1767

CVE-2025-1767 affects Kubernetes clusters using the in-tree gitRepo volume to clone git repositories from pods on the same node. The in-tree gitRepo volume feature is deprecated and will not receive security updates upstream; clusters still using this feature remain vulnerable. The connected docu...

6.5CVSS6.5AI score0.00516EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/13 4:40 p.m.19 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS0.00516EPSS
Exploits0References2
OSV
OSV
added 2025/03/13 4:40 p.m.11 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5CVSS6.7AI score0.00516EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.10 views

PT-2025-11205

Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: The issue affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has...

8.5CVSS6.6AI score0.00516EPSS
Exploits0References136
Microsoft CVE
Microsoft CVE
added 2024/12/20 8:0 a.m.5 views

Arbitrary command execution through gitRepo volume

...

8.1CVSS7.2AI score0.03001EPSS
Exploits0
OSV
OSV
added 2024/12/13 1:17 p.m.3 views

OESA-2024-2532 kubernetes security update

Container cluster management. Security Fixes: A vulnerability, which was classified as problematic, was found in Kubernetes up to 1.28.11/1.29.6/1.30.2 Virtualization Software. Affected is an unknown code block of the component gitRepo Volume Handler. Upgrading to version 1.28.12, 1.29.7, 1.30.3 ...

8.1CVSS6.8AI score0.03001EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/09 4:7 a.m.14 views

Arbitrary Command Execution

k8s.io/kubernetes is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper validation and handling of gitRepo volumes in the Kubernetes kubelet component, which allows malicious actors to execute arbitrary commands by exploiting the way these volumes are processed...

8.1CVSS7.5AI score0.03001EPSS
Exploits0References5Affected Software1
Mageia
Mageia
added 2024/12/06 5:9 p.m.37 views

Updated kubernetes packages fix security vulnerabilities

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

8.1CVSS7AI score0.03001EPSS
Exploits1References4
OSV
OSV
added 2024/11/22 9:32 p.m.18 views

GHSA-27WF-5967-98GX Kubernetes kubelet arbitrary command execution

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.6CVSS8.1AI score0.03001EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/11/22 9:32 p.m.28 views

Kubernetes kubelet arbitrary command execution

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS7.5AI score0.03001EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/11/22 5:15 p.m.19 views

CVE-2024-10220

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS0.03001EPSS
Exploits0References3
OSV
OSV
added 2024/11/22 5:15 p.m.3 views

DEBIAN-CVE-2024-10220

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS8.6AI score0.03001EPSS
Exploits0References1
OSV
OSV
added 2024/11/22 5:15 p.m.7 views

AZL-53528 CVE-2024-10220 affecting package kubernetes for versions less than 1.30.3-1

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS7.5AI score0.03001EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/22 4:23 p.m.268 views

CVE-2024-10220 Arbitrary command execution through gitRepo volume

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS0.03001EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 4:23 p.m.322 views

CVE-2024-10220

CVE-2024-10220 – Kubernetes kubelet command execution via gitRepo volumes . Affects kubelet up to version 1.28.11 and 1.29.0–1.29.6 and 1.30.0–1.30.2. The issue allows arbitrary command execution through specially crafted gitRepo volumes in kubelet. Root cause: path traversal in how gitRepo volum...

8.1CVSS8.1AI score0.03001EPSS
Exploits0References3
Rows per page
Query Builder