CVE-2025-1767

Published Mar 13, 2025

Last updated a month ago

CVSS medium 6.5
Kubernetes

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1767 affects Kubernetes clusters utilizing the in-tree gitRepo volume to clone Git repositories from other pods on the same node. A user with create pod permissions could exploit gitRepo volumes to access local Git repositories belonging to other pods. The vulnerability stems from the in-tree gitRepo volume not properly isolating or validating repository paths, potentially allowing access to sensitive `.git` directories. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates, clusters using this feature remain vulnerable.

Description
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Source
jordan@liggitt.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-1767 - Another gitrepo issue https://t.co/CwEN4NlRPq #kubernetes #k8s #gitrepo

    @jvela

    30 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Kubernetes CVE-2025-1767 TLDR; It's highly unlikely you need to worry about this. The prereqs: - Cluster Access - Knowledge of the path of a local Git repository used by another pod on the same node - Create pod permissions on the node https://t.co/eE3aR8h7rB

    @GrahamHelton3

    14 Mar 2025

    1697 Impressions

    0 Retweets

    12 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  3. CVE-2025-1767 - Another gitrepo issue https://t.co/oPvNSSgys7

    @Dinosn

    14 Mar 2025

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-9042 🟠 MEDIUM (5.9) 🏒 Kubernetes - Kubelet πŸ—οΈ <=v1.29.12 πŸ”— https://t.co/s8rb7blQx2 πŸ”— https://t.co/RWSAxwkpRO 🚨 CVE-2025-1767 🟠 MEDIUM (6.5) 🏒 Kubernetes - Kubelet πŸ—οΈ <=v1.32.2 πŸ”— https://t.co/fdCJdY5xAl πŸ”— https://t.co/pmz96tY8ia https://t.co/FCNJ8rT55

    @gothburz

    14 Mar 2025

    78 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitR… https://t.co/4GKXLMDwSP

    @CVEnew

    13 Mar 2025

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References