search
Log InSign UpSend Feedback

Advisory on CVE-2024-10220

hashtag
Arbitrary command execution through gitRepo volume

On November 20, 2024, the Kubernetes Security Response Committee disclosed a vulnerability that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary.

The Kubernetes Security Response Committee assigned this vulnerability the CVE ID CVE-2024-10220arrow-up-right and classified it as High severity with a CVSS score of 8.1.

hashtag
Impacted IONOS Cloud Products

Product Ranges
Product
Impacted
Mitigated
Patch Status

Containers

Managed Kubernetes

Yes

Yes

User

circle-exclamation

Warning: To mitigate this issue, you must update your Managed Kubernetes instance to a non-vulnerable version. For more information, see What action can you take to mitigate the vulnerability?

hashtag
Risk on IONOS Cloud environment

IONOS Cloud infrastructure and services do not utilize the vulnerable versions of Managed Kubernetes, so they are not impacted.

hashtag
What action can you take to mitigate the vulnerability?

If you use affected Managed Kubernetes versions, upgrading your clusters to one of the following fixed versions is recommended:

Affected Versions
Fixed Versions

- v1.30.0 to v1.30.2 - v1.29.0 to v1.29.6 - <= v1.28.11

- v1.31.0 - v1.30.3 - v1.29.7 - v1.28.12

hashtag
How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Supportarrow-up-right.

PreviousVulnerability RegisterNextAdvisory on CVE-2024-9264

Last updated

Was this helpful?