Kubernetes Product Security Update Advisory (CVE-2024-10220)
Overview
An update has been released to address a vulnerability in Kubernetes products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-10220
- kubelet versions up to and including 1.28.11
- kubelet versions 1.29.0 through 1.29.6 (inclusive)
- kubelet versions 1.30.0 through 1.30.2 (inclusive)
Resolved Vulnerabilities
A vulnerability in Kubernetes that allows users who can create pods with gitRepo volumes attached to execute arbitrary commands across container boundaries (CVE-2024-10220)
Vulnerability Patches
Patches for this vulnerability are available in the updated releases listed below. Please follow the instructions on the referenced sites to update to a patched version.
CVE-2024-10220
- kubelet version: 1.28.12
- kubelet version: 1.29.7
- kubelet version: 1.30.3
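The advisory gives three affected ranges and three patched releases but no tooling to apply them. The following Python script is an added example, not part of this advisory and not Kubernetes project code: it parses kubelet version strings (including vendor build suffixes), maps each version to the affected range and fixed release listed above, triages the nodes of a cluster from the JSON produced by `kubectl get nodes -o json` (the `status.nodeInfo.kubeletVersion` field), and lists the gitRepo volumes declared by a Pod or workload manifest so that the objects the description applies to can be found while nodes are still being upgraded. The node list and Deployment manifest embedded at the bottom are constructed sample data; reading the "~ 1.28.11" range as "every earlier release as well" is this example's interpretation of the advisory text.

```python
"""Triage helpers for CVE-2024-10220 (kubelet gitRepo volumes).

Added example, not Kubernetes project code. The version ranges are copied
from this advisory; the JSON layouts assumed are the standard NodeList
(.items[].status.nodeInfo.kubeletVersion) and Pod/workload specs
(spec.volumes[] or spec.template.spec.volumes[]).
"""
import json
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# (lowest affected, highest affected, first fixed release) per the advisory.
# "~ 1.28.11" is read as every release up to and including 1.28.11, so a
# 1.27.x kubelet is also flagged and pointed at 1.28.12 (an assumption).
AFFECTED_RANGES: List[Tuple[Version, Version, Version]] = [
    ((0, 0, 0), (1, 28, 11), (1, 28, 12)),
    ((1, 29, 0), (1, 29, 6), (1, 29, 7)),
    ((1, 30, 0), (1, 30, 2), (1, 30, 3)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse 'v1.29.3', '1.29.3' or a vendor build such as 'v1.29.3-eks-ab12'.

    Suffixes are ignored, which errs on the safe side: '1.29.6-rc.1' is
    treated as 1.29.6 and therefore still reported as affected.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised kubelet version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess_kubelet(version_text: str) -> Dict[str, object]:
    """Report whether one kubelet version falls in an affected range and, if
    so, the first release of that line that the advisory lists as fixed."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return {"version": fmt(v), "affected": True, "fixed_version": fmt(fixed)}
    return {"version": fmt(v), "affected": False, "fixed_version": None}


def affected_nodes(node_list: dict) -> Dict[str, str]:
    """Map node name -> fixed version for every node running an affected kubelet.

    node_list is the parsed output of `kubectl get nodes -o json`.
    """
    out: Dict[str, str] = {}
    for item in node_list.get("items", []):
        name = item["metadata"]["name"]
        result = assess_kubelet(item["status"]["nodeInfo"]["kubeletVersion"])
        if result["affected"]:
            out[name] = str(result["fixed_version"])
    return out


def find_gitrepo_volumes(manifest: dict) -> List[str]:
    """Return the names of gitRepo volumes declared by a Pod, or by the pod
    template of a workload (Deployment, DaemonSet, ...). These are the objects
    whose creators the advisory's description applies to."""
    spec = manifest.get("spec", {})
    if "template" in spec:  # workload object carrying a pod template
        spec = spec["template"].get("spec", {})
    return [vol["name"] for vol in spec.get("volumes", []) if "gitRepo" in vol]


# Constructed sample inputs (not real cluster data).
SAMPLE_NODES = json.loads("""
{"items": [
  {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.6"}}},
  {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.7"}}},
  {"metadata": {"name": "node-c"}, "status": {"nodeInfo": {"kubeletVersion": "v1.27.3-eks-ab12"}}},
  {"metadata": {"name": "node-d"}, "status": {"nodeInfo": {"kubeletVersion": "v1.30.3"}}}
]}
""")

SAMPLE_DEPLOYMENT = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo"},
 "spec": {"template": {"spec": {
   "containers": [{"name": "app", "image": "example/app:1.0"}],
   "volumes": [
     {"name": "src", "gitRepo": {"repository": "https://example.invalid/repo.git"}},
     {"name": "scratch", "emptyDir": {}}
   ]}}}}
""")

if __name__ == "__main__":
    print("nodes to upgrade:", affected_nodes(SAMPLE_NODES))
    print("gitRepo volumes in demo deployment:", find_gitrepo_volumes(SAMPLE_DEPLOYMENT))
```

On the sample data the script reports node-a (1.29.6) and node-c (1.27.3) as needing the 1.29.7 and 1.28.12 releases respectively, leaves node-b and node-d alone because they already run patched versions, and names the `src` volume of the demo Deployment as the only gitRepo volume. For a real cluster, feed it the output of `kubectl get nodes -o json` and the manifests of the workloads you want to review.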
Reference Sites
[1] CVE-2024-10220 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10220
[2] [Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko?pli=1