CVE-2025-1767

Published Mar 13, 2025

Last updated 16 days ago

CVSS medium 6.5
Kubernetes

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1767 affects Kubernetes clusters utilizing the in-tree gitRepo volume to clone Git repositories from other pods on the same node. A user with create pod permissions could exploit gitRepo volumes to access local Git repositories belonging to other pods. The vulnerability stems from the in-tree gitRepo volume not properly isolating or validating repository paths, potentially allowing access to sensitive `.git` directories. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates, clusters using this feature remain vulnerable.

Description
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Source
jordan@liggitt.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending