CVE-2024-10220

Published Nov 22, 2024

Last updated a day ago

CVSS high 8.1

Overview

Description
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
Source
jordan@liggitt.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

jordan@liggitt.net
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2024-10220 The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 thr… https://t.co/ODJDAM0FKG

    @CVEnew

    22 Nov 2024

    332 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Kubernetes affected by CVE-2024-10220 Flaw #Kubernetes #cve-2024-10220 https://t.co/yjuTmsychi

    @pravin_karthik

    22 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨🚨CVE-2024-10220 (CVSS: 8.1) : Kubernetes Vulnerability Allows Arbitrary Command Execution ⚠️This vulnerability leverages the hooks folder in the target repository to run arbitrary commands outside of the container’s boundary. ZoomEye Dork👉app="Kubernetes kubelet" 3m+ results

    @zoomeye_team

    22 Nov 2024

    384 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution 🎯5m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/CwjaXMZdnV FOFA Query:app="kubernetes" 🔖Refer: https://t.co/nILAZ82bCq #OSINT #FOFA #CyberSecurity…

    @fofabot

    21 Nov 2024

    4226 Impressions

    11 Retweets

    43 Likes

    12 Bookmarks

    1 Reply

    2 Quotes

  5. CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution https://t.co/xvmEPaKblF

    @Dinosn

    21 Nov 2024

    7525 Impressions

    57 Retweets

    119 Likes

    39 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution Learn about the high-severity vulnerability CVE-2024-10220 in #Kubernetes that allows arbitrary command execution outside container boundaries https://t.co/BhJmfFfH6e

    @the_yellow_fall

    21 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-10220: Kubernetes: Arbitrary command execution through gitRepo volume https://t.co/9cj2nLMwf3

    @oss_security

    20 Nov 2024

    221 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References