CVE-2024-10220

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10220

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10220.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-10220

Aliases

Related

Published

2024-11-22T17:15:06Z

Modified

2025-02-14T11:54:09.594904Z

Summary

[none]

Details

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

References

Affected packages

Debian:11 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubernetes

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/kubernetes
Events: Introduced

3f7a50f38688eb332e2a1b013678c6435d539ae6

Last affected

062798d53d83265b9e05f14d85198f74362adaca

Introduced

7c48c2bd72b9bf5c44d21d7338cc7bea77d0ad2a

Last affected

39683505b630ff2121012f3c5b16215a1449d5ed

Last affected

f25b321b9ae42cb1bfaa00b3eec9a12566a15d91

Affected versions

v1.*

v1.29.0

v1.29.1

v1.29.2

v1.29.3

v1.29.4

v1.29.5

v1.29.6

v1.30.0

v1.30.1

v1.30.2