Kubernetes Vulnerability Allows Command Execution Outside Containers
A security flaw has been identified in Kubernetes that permits users with pod creation capabilities to execute commands outside the container boundary by leveraging the gitRepo volume. The vulnerability, assigned CVE-2024-10220 and rated High (CVSS score: 8.1), affects specific kubelet versions: v1.30.0 to v1.30.2, v1.29.0 to v1.29.6, and v1.28.11 and earlier. To mitigate the risk, users are advised to upgrade to fixed versions and to move Git operations into init containers, since the gitRepo volume type has been deprecated. Detection of exposure can be performed by listing pods that still declare a gitRepo volume. The issue was initially disclosed in July and has been retroactively assigned a CVE for tracking purposes.
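The two checks the summary recommends, finding pods that still declare a gitRepo volume and comparing kubelet versions against the affected ranges, can be scripted. The following is an added example, not code from the article or from the Kubernetes project; the pod list and the repository URL are constructed inline in the shape of `kubectl get pods --all-namespaces -o json` output, and the version logic encodes only the ranges stated above (it treats every 1.x release below v1.28.11 as affected and any minor version not listed as unaffected, which is an assumption drawn from the summary's wording).

```python
"""Flag pods using the deprecated gitRepo volume and classify kubelet versions
against the CVE-2024-10220 affected ranges. Added example; inputs are constructed."""
import json
import re

# Affected kubelet ranges as stated in the advisory summary.
AFFECTED_PATCH_RANGES = {
    30: (0, 2),   # v1.30.0 - v1.30.2
    29: (0, 6),   # v1.29.0 - v1.29.6
}
LEGACY_MINOR = 28        # v1.28.11 and earlier (assumed to include all earlier minors)
LEGACY_MAX_PATCH = 11

# Constructed sample resembling `kubectl get pods -A -o json`; not real cluster data.
SAMPLE_PODS = json.loads("""
{
  "items": [
    {"metadata": {"namespace": "default", "name": "legacy-clone"},
     "spec": {"volumes": [
        {"name": "src", "gitRepo": {"repository": "https://example.invalid/repo.git"}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [{"name": "cache", "emptyDir": {}}]}},
    {"metadata": {"namespace": "batch", "name": "no-volumes"},
     "spec": {}}
  ]
}
""")


def parse_kubelet_version(version):
    """Turn 'v1.30.1' (or '1.30.1-gke.100') into (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {version!r}")
    return tuple(int(x) for x in m.groups())


def kubelet_is_affected(version):
    """True if the kubelet version falls inside one of the published ranges."""
    major, minor, patch = parse_kubelet_version(version)
    if major != 1:
        return False
    if minor < LEGACY_MINOR:
        return True                      # assumption: "and earlier" covers older minors
    if minor == LEGACY_MINOR:
        return patch <= LEGACY_MAX_PATCH
    lo_hi = AFFECTED_PATCH_RANGES.get(minor)
    if lo_hi is None:
        return False                     # minor not listed as affected
    return lo_hi[0] <= patch <= lo_hi[1]


def find_gitrepo_pods(pod_list):
    """Return (namespace, pod, volume, repository) for every gitRepo volume found."""
    hits = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for vol in pod.get("spec", {}).get("volumes") or []:
            repo = vol.get("gitRepo")
            if repo is not None:
                hits.append((meta.get("namespace"), meta.get("name"),
                             vol.get("name"), repo.get("repository")))
    return hits


if __name__ == "__main__":
    for ns, name, vol, repo in find_gitrepo_pods(SAMPLE_PODS):
        print(f"gitRepo volume: {ns}/{name} volume={vol} repo={repo}")
    for v in ("v1.30.1", "v1.30.3", "v1.29.6", "v1.28.11", "v1.28.12", "v1.31.0"):
        print(f"{v}: {'AFFECTED' if kubelet_is_affected(v) else 'not in listed ranges'}")
```

Against a live cluster, `find_gitrepo_pods` takes the parsed output of `kubectl get pods --all-namespaces -o json`, and `kubelet_is_affected` can be fed the `status.nodeInfo.kubeletVersion` field of each node. A pod flagged here is a candidate for the init-container migration the summary recommends; upgrading the kubelet removes the exposure regardless of whether the volumes are still declared.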