On November 20, 2024, the Kubernetes Security Response Committee disclosed a vulnerability that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary.
The Kubernetes Security Response Committee assigned this vulnerability the CVE ID CVE-2024-10220 and classified it as High severity with a CVSS score of 8.1.
Product Ranges | Product | Impacted | Mitigated | Patch Status |
---|---|---|---|---|
Containers | | Yes | Yes | User |

Warning: To mitigate this issue, you must update your Managed Kubernetes instance to a non-vulnerable version. For more information, see What action can you take to mitigate the vulnerability?

IONOS Cloud infrastructure and services do not utilize the vulnerable versions of Managed Kubernetes, so they are not impacted.

If you use affected Managed Kubernetes versions, upgrading your clusters to one of the following fixed versions is recommended:

Affected Versions | Fixed Versions |
---|---|
v1.30.0 to v1.30.2, v1.29.0 to v1.29.6, <= v1.28.11 | v1.31.0, v1.30.3, v1.29.7, v1.28.12 |

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
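To check a cluster against the affected versions listed in this advisory, the following added example (not code from IONOS Cloud or the Kubernetes project) flags nodes whose kubelet version falls in an affected range and lists pods that mount a gitRepo volume. It assumes input shaped like `kubectl get nodes -o json` and `kubectl get pods -A -o json`; the function names and sample data are hypothetical.

```python
import re

# Affected kubelet versions as listed in this advisory.
AFFECTED_RANGES = {(1, 30): (0, 2), (1, 29): (0, 6)}  # (major, minor): (first, last patch)
AFFECTED_UP_TO = (1, 28, 11)                          # "<= v1.28.11"

def parse_version(text):
    """Parse 'v1.29.6' (any '-suffix' or '+build' part is ignored) into a tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    major, minor, patch = parse_version(version)
    if (major, minor, patch) <= AFFECTED_UP_TO:
        return True
    first, last = AFFECTED_RANGES.get((major, minor), (1, 0))  # empty range if unlisted
    return first <= patch <= last

def audit(nodes_doc, pods_doc):
    """Return (affected node names, pods that mount a gitRepo volume)."""
    affected = {n["metadata"]["name"] for n in nodes_doc["items"]
                if is_affected(n["status"]["nodeInfo"]["kubeletVersion"])}
    findings = []
    for pod in pods_doc["items"]:
        vols = [v["name"] for v in pod["spec"].get("volumes", []) if "gitRepo" in v]
        if vols:
            node = pod["spec"].get("nodeName")  # None while the pod is unscheduled
            findings.append({"namespace": pod["metadata"]["namespace"],
                             "pod": pod["metadata"]["name"], "volumes": vols,
                             "node": node, "on_affected_node": node in affected})
    return sorted(affected), findings

# Constructed sample input, shaped like `kubectl get nodes -o json` and
# `kubectl get pods -A -o json`; names and versions are made up.
SAMPLE_NODES = {"items": [
    {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.6"}}},
    {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {"kubeletVersion": "v1.30.3"}}},
]}
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "ci", "name": "builder"},
     "spec": {"nodeName": "node-a", "volumes": [
         {"name": "src", "gitRepo": {"repository": "https://git.example.invalid/app.git"}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"nodeName": "node-b", "volumes": [{"name": "cache", "emptyDir": {}}]}},
]}

if __name__ == "__main__":
    nodes, pods = audit(SAMPLE_NODES, SAMPLE_PODS)
    print("affected nodes:", nodes)
    for f in pods:
        print("gitRepo volume:", f)
```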