CVE-2025-1767

Published Mar 13, 2025

Last updated a month ago

CVSS medium 6.5
Kubernetes

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1767 affects Kubernetes clusters utilizing the in-tree gitRepo volume to clone Git repositories from other pods on the same node. A user with create pod permissions could exploit gitRepo volumes to access local Git repositories belonging to other pods. The vulnerability stems from the in-tree gitRepo volume not properly isolating or validating repository paths, potentially allowing access to sensitive `.git` directories. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates, clusters using this feature remain vulnerable.

Description
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Source
jordan@liggitt.net
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending