CVE-2025-1767

Published Mar 13, 2025

Last updated 16 days ago

CVSS medium 6.5
Kubernetes

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1767 affects Kubernetes clusters utilizing the in-tree gitRepo volume to clone Git repositories from other pods on the same node. A user with create pod permissions could exploit gitRepo volumes to access local Git repositories belonging to other pods. The vulnerability stems from the in-tree gitRepo volume not properly isolating or validating repository paths, potentially allowing access to sensitive `.git` directories. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates, clusters using this feature remain vulnerable.

Description
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Source
jordan@liggitt.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending

  1. Kubernetes CVE-2025-1767 TLDR; It's highly unlikely you need to worry about this. The prereqs: - Cluster Access - Knowledge of the path of a local Git repository used by another pod on the same node - Create pod permissions on the node https://t.co/eE3aR8h7rB

    @GrahamHelton3

    14 Mar 2025

    1697 Impressions

    0 Retweets

    12 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  2. CVE-2025-1767 - Another gitrepo issue https://t.co/oPvNSSgys7

    @Dinosn

    14 Mar 2025

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-9042 🟠 MEDIUM (5.9) 🏒 Kubernetes - Kubelet πŸ—οΈ <=v1.29.12 πŸ”— https://t.co/s8rb7blQx2 πŸ”— https://t.co/RWSAxwkpRO 🚨 CVE-2025-1767 🟠 MEDIUM (6.5) 🏒 Kubernetes - Kubelet πŸ—οΈ <=v1.32.2 πŸ”— https://t.co/fdCJdY5xAl πŸ”— https://t.co/pmz96tY8ia https://t.co/FCNJ8rT55

    @gothburz

    14 Mar 2025

    78 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitR… https://t.co/4GKXLMDwSP

    @CVEnew

    13 Mar 2025

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References