{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10220", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2024-10-21T18:56:00.535Z", "datePublished": "2024-11-22T16:23:00.535Z", "dateUpdated": "2024-11-25T18:22:59.457Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "kubelet", "repo": "https://github.com/kubernetes/kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "1.28.11", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "1.29.6", "status": "affected", "version": "1.29.0", "versionType": "semver"}, {"lessThanOrEqual": "1.30.2", "status": "affected", "version": "1.30.0", "versionType": "semver"}, {"status": "unaffected", "version": "1.31.0", "versionType": "semver"}, {"status": "unaffected", "version": "1.30.3"}, {"status": "unaffected", "version": "1.29.7"}, {"status": "unaffected", "version": "1.28.12"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Imre Rad"}, {"lang": "en", "type": "remediation developer", "value": "Imre Rad"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.<p>This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.</p>"}], "value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2024-11-22T16:23:00.535Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/128885"}, {"tags": ["mailing-list"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary command execution through gitRepo volume", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T17:02:54.798Z"}}, {"affected": [{"vendor": "kubernetes", "product": "kubelet", "cpes": ["cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.28.11", "versionType": "custom"}, {"version": "1.29.0", "status": "affected", "lessThanOrEqual": "1.29.6", "versionType": "custom"}, {"version": "1.30.0", "status": "affected", "lessThanOrEqual": "1.30.2", "versionType": "custom"}, {"version": "1.31.0", "status": "unaffected"}, {"version": "1.30.3", "status": "unaffected"}, {"version": "1.29.7", "status": "unaffected"}, {"version": "1.28.12", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T18:21:04.320283Z", "id": "CVE-2024-10220", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T18:22:59.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T17:02:54.798Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10220", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-25T18:21:04.320283Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*"], "vendor": "kubernetes", "product": "kubelet", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.28.11"}, {"status": "affected", "version": "1.29.0", "versionType": "custom", "lessThanOrEqual": "1.29.6"}, {"status": "affected", "version": "1.30.0", "versionType": "custom", "lessThanOrEqual": "1.30.2"}, {"status": "unaffected", "version": "1.31.0"}, {"status": "unaffected", "version": "1.30.3"}, {"status": "unaffected", "version": "1.29.7"}, {"status": "unaffected", "version": "1.28.12"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T18:22:54.698Z"}}], "cna": {"title": "Arbitrary command execution through gitRepo volume", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Imre Rad"}, {"lang": "en", "type": "remediation developer", "value": "Imre Rad"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/kubernetes", "vendor": "Kubernetes", "product": "kubelet", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.28.11"}, {"status": "affected", "version": "1.29.0", "versionType": "semver", "lessThanOrEqual": "1.29.6"}, {"status": "affected", "version": "1.30.0", "versionType": "semver", "lessThanOrEqual": "1.30.2"}, {"status": "unaffected", "version": "1.31.0", "versionType": "semver"}, {"status": "unaffected", "version": "1.30.3"}, {"status": "unaffected", "version": "1.29.7"}, {"status": "unaffected", "version": "1.28.12"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/128885", "tags": ["issue-tracking"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko", "tags": ["mailing-list"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.", "supportingMedia": [{"type": "text/html", "value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.<p>This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2024-11-22T16:23:00.535Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10220", "state": "PUBLISHED", "dateUpdated": "2024-11-25T18:22:59.457Z", "dateReserved": "2024-10-21T18:56:00.535Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2024-11-22T16:23:00.535Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2."}], "id": "CVE-2024-10220", "lastModified": "2024-11-22T17:15:06.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2024-11-22T17:15:06.650", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/128885"}, {"source": "jordan@liggitt.net", "url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"bugzilla": {"description": "kubernetes: Arbitrary command execution through gitRepo volume", "id": "2323060", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323060"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-653", "details": ["The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.", "A flaw was found in the Kubelet component from the Kubernetes package. This flaw allows an attacker to create a pod and an associated gitRepo volume to execute arbitrary commands outside the container, bypassing the intended isolation between the container and the host."], "mitigation": {"lang": "en:us", "value": "Users can restrict the usage of gitRepo volumes in their cluster using policies such as `ValidatingAdmissionPolicy`.\nThe following CEL expression can be used as part of the policy to restrict the use of gitRepo volumes:\n~~~\nhas(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))\n~~"}, "name": "CVE-2024-10220", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Will not fix", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Not affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Will not fix", "package_name": "fence-agents", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "fence-agents", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-11-08T16:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-10220\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-10220"], "statement": "This vulnerability is classified as important severity due to its potential to allow arbitrary command execution beyond the container boundary, which can lead to severe security breaches. By leveraging the hooks folder in the target repository associated with the gitRepo volume, an attacker can execute commands on the host system or other pods within the cluster. This can result in unauthorized access, data exfiltration, or privilege escalation, making it far more impactful than a moderate vulnerability.", "threat_severity": "Important"}