Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2024-10220 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-10220

CVE-2024-10220

UNKNOWN

Arbitrary command execution through gitRepo volume

Published Nov 20, 2024

Modified 1 years ago

Fix available

Details

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

Affected Packages

k8s.io/kubelet

kubernetes

Fixed in:

1.28.121.29.71.30.3

References

https://github.com/kubernetes/kubernetes/issues/128885

https://www.cve.org/cverecord?id=CVE-2024-10220

Ecosystems

Timeline

PublishedNov 20, 2024

ModifiedNov 20, 2024