# Advisory on CVE-2024-10220

## Arbitrary command execution through gitRepo volume

On November 20, 2024, the Kubernetes Security Response Committee disclosed a vulnerability that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary.

The Kubernetes Security Response Committee assigned this vulnerability the CVE ID [<mark style="color:blue;">CVE-2024-10220</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-10220) and classified it as **High** severity with a CVSS score of **8.1**.

## Impacted IONOS Cloud Products

| Product Ranges | Product                                                                                                                          | Impacted | Mitigated | Patch Status |
| -------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------- | --------- | ------------ |
| Containers     | [<mark style="color:blue;">Managed Kubernetes</mark>](https://docs.ionos.com/sections-test/guides/containers/managed-kubernetes) | Yes      | Yes       | User         |

{% hint style="warning" %}
**Warning:** To mitigate this issue, you must update your Managed Kubernetes instance to a non-vulnerable version. For more information, see [<mark style="color:blue;">What action can you take to mitigate the vulnerability?</mark>](#what-action-can-you-take-to-mitigate-the-vulnerability).
{% endhint %}

## Risk on IONOS Cloud environment

IONOS Cloud infrastructure and services do not utilize the vulnerable versions of Managed Kubernetes, so they are not impacted.

## What action can you take to mitigate the vulnerability?

If you use affected Managed Kubernetes versions, upgrading your clusters to one of the following fixed versions is recommended:

| Affected Versions                                                                                                                     | Fixed Versions                                                                                               |
| ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| <p>- <code>v1.30.0</code> to <code>v1.30.2</code><br>- <code>v1.29.0</code> to <code>v1.29.6</code><br>- <code>&lt;= v1.28.11</code></p> | <p>- <code>v1.31.0</code><br>- <code>v1.30.3</code><br>- <code>v1.29.7</code><br>- <code>v1.28.12</code></p> |
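
The following Python check is an added example, not code from IONOS or the Kubernetes project. It classifies version strings against the table above and lists pods that declare a gitRepo volume. The function names are hypothetical, the sample data is constructed, and the pod list is assumed to have the shape of `kubectl get pods -A -o json` output.

```python
import re

# First fixed patch release for each 1.x minor line, from the advisory table.
FIRST_FIXED_PATCH = {28: 12, 29: 7, 30: 3}

def is_affected(version):
    """Return True if a Kubernetes version string is in an affected range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) < (1, 28):
        return True                      # covered by "<= v1.28.11"
    if major == 1 and minor in FIRST_FIXED_PATCH:
        return patch < FIRST_FIXED_PATCH[minor]
    return False                         # v1.31.0 and later

def gitrepo_volumes(pod_list):
    """Return (namespace, pod, volume, repository) for each gitRepo volume."""
    found = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for vol in pod.get("spec", {}).get("volumes") or []:
            if "gitRepo" in vol:
                found.append((meta.get("namespace"), meta.get("name"),
                              vol.get("name"), vol["gitRepo"].get("repository")))
    return found

# Constructed sample input: node versions and a trimmed pod list.
SAMPLE_VERSIONS = ["v1.30.2", "v1.30.3", "v1.29.6", "v1.28.12", "v1.31.0"]
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "dev", "name": "builder"},
     "spec": {"volumes": [
         {"name": "src",
          "gitRepo": {"repository": "https://git.example.com/app.git"}},
         {"name": "cache", "emptyDir": {}}]}},
    {"metadata": {"namespace": "prod", "name": "web"},
     "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}]}},
]}

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        print(v, "AFFECTED" if is_affected(v) else "ok")
    for ns, pod, vol, repo in gitrepo_volumes(SAMPLE_PODS):
        print(f"gitRepo volume: {ns}/{pod} volume={vol} repo={repo}")
```

Pods reported by `gitrepo_volumes` on a cluster still running an affected version are the ones to review first while the upgrade is scheduled.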

## How can I get help?

If you have further questions or concerns about this vulnerability, contact [<mark style="color:blue;">IONOS Cloud Support</mark>](https://docs.ionos.com/cloud/support/general-information/contact-information).
