CVE-2024-10220

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10220

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10220.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-10220

Aliases

Downstream

DEBIAN-CVE-2024-10220

MINI-r7rp-5m55-7mp3

OESA-2024-2532

UBUNTU-CVE-2024-10220

openSUSE-SU-2024:14567-1

Related

Published

2024-11-22T17:15:06Z

Modified

2025-10-16T18:58:48.843092Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

References

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/kubernetes
Events: Introduced

3f7a50f38688eb332e2a1b013678c6435d539ae6

Last affected

062798d53d83265b9e05f14d85198f74362adaca

Introduced

7c48c2bd72b9bf5c44d21d7338cc7bea77d0ad2a

Last affected

39683505b630ff2121012f3c5b16215a1449d5ed

Last affected

f25b321b9ae42cb1bfaa00b3eec9a12566a15d91

Affected versions

v1.*

v1.29.0

v1.29.1

v1.29.2

v1.29.3

v1.29.4

v1.29.5

v1.29.6

v1.30.0

v1.30.1

v1.30.2