Critical Kubernetes Vulnerability Let Attackers Execute Arbitrary Commands


A high-severity security vulnerability in Kubernetes has been discovered, potentially allowing attackers to execute arbitrary commands beyond container boundaries.

The vulnerability has been tracked as CVE-2024-10220, affects Kubernetes clusters using the in-tree gitRepo volume to clone repositories to subdirectories.

SIEM as a Service

The security vulnerability, rated High with a CVSS score of 8.1, exploits the hooks folder in target repositories to run arbitrary commands outside container boundaries.

Kubernetes community analysts observed that this vulnerability affects multiple versions of Kubernetes, including:-

  • kubelet v1.30.0 to v1.30.2
  • kubelet v1.29.0 to v1.29.6
  • kubelet versions up to and including v1.28.11

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Impact and Exploitation

Attackers with the ability to create pods and associate gitRepo volumes could potentially execute malicious commands, compromising the security of affected Kubernetes clusters. This vulnerability highlights the importance of proper access controls and regular security updates in container orchestration environments.

To address this critical vulnerability, Kubernetes administrators are strongly advised to take the following actions:-

  1. Upgrade Kubernetes: Update to one of the fixed versions:-
  • kubelet v1.31.0
  • kubelet v1.30.3
  • kubelet v1.29.7
  • kubelet v1.28.12
  1. Alternative Approach: Since the gitRepo volume has been deprecated, it is recommended to perform Git clone operations using an init container and then mount the directory into the Pod’s container.
  2. Detect Potential Exploitation: Use the provided kubectl command to list all pods using the in-tree gitRepo volume that clone to a .git subdirectory.

The Kubernetes Security Response Committee has retroactively assigned this vulnerability a CVE to assist in awareness and tracking. Originally disclosed with a fix in July, this move underscores the ongoing commitment to security within the Kubernetes ecosystem.

This vulnerability emphasizes the need for continuous monitoring, prompt patching, and adherence to best practices in Kubernetes deployments.

The discovery and mitigation of CVE-2024-10220 highlight the collaborative efforts within the Kubernetes community to identify, address, and communicate security issues promptly, ensuring the integrity and reliability of this widely-used container arranging platform.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free



Source link