Platform
go
Component
k8s.io/kubernetes
Fixed in
1.28.12
1.29.7
1.30.3
CVE-2024-10220 is a critical Remote Code Execution (RCE) vulnerability discovered in the Kubernetes kubelet component. This flaw allows an attacker to execute arbitrary commands on the affected Kubernetes node, potentially leading to complete system compromise. The vulnerability impacts Kubernetes versions prior to 1.28.12, and a patch has been released to address the issue.
The impact of CVE-2024-10220 is severe. Successful exploitation allows an attacker to gain command execution on the Kubernetes node. This can be leveraged to steal sensitive data, install malware, disrupt services, or pivot to other nodes within the cluster. The attacker could potentially gain control of the entire Kubernetes environment, leading to widespread data breaches and operational outages. This vulnerability shares similarities with other kubelet-related vulnerabilities, highlighting the importance of timely patching and security hardening.
CVE-2024-10220 was publicly disclosed on November 27, 2024. The EPSS score is currently pending evaluation. Public proof-of-concept exploits are likely to emerge given the nature of the vulnerability and its potential impact. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations heavily reliant on Kubernetes for container orchestration are at significant risk. This includes cloud-native application deployments, microservices architectures, and any environment utilizing Kubernetes for managing containerized workloads. Specifically, clusters running older, unpatched versions of Kubernetes are particularly vulnerable.
• linux / server:
journalctl -u kubelet -g "arbitrary command execution"
• linux / server:
ps aux | grep kubelet | grep -i "malicious_command"
• generic web:
curl -I <kubelet_api_endpoint> | grep -i "CVE-2024-10220"
Disclosure
Exploit status
EPSS
33.23% (97th percentile)
CVSS vector
The primary mitigation for CVE-2024-10220 is to upgrade your Kubernetes cluster to version 1.28.12 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting network access to the kubelet API server. Review and strengthen RBAC policies to limit the permissions granted to service accounts. Monitor kubelet logs for suspicious activity and consider implementing network policies to isolate critical nodes. After upgrading, confirm the fix by verifying the kubelet version using kubectl version and checking the Kubernetes audit logs for any unauthorized command executions.
Upgrade kubelet to the latest available version that contains the fix for this vulnerability. Consult the Kubernetes security advisories for details on the fixed versions. Avoid using untrusted gitRepo volumes.
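The upgrade-and-verify step above, as an added example that is not part of this advisory page: a POSIX shell script that compares each node's kubelet version against the fixed releases listed on the page (1.28.12, 1.29.7, 1.30.3) and, when run with --live, also lists pods that still mount gitRepo volumes. The node names and versions in SAMPLE_NODES are constructed; the kubectl invocations assume a reachable cluster and a working kubeconfig.

```shell
#!/bin/sh
# Added example, not code from the advisory page: flag cluster nodes whose kubelet
# is below the fixed releases listed on the page (1.28.12, 1.29.7, 1.30.3) and show
# the kubectl query that lists pods still mounting gitRepo volumes.
set -eu

# Exit 0 (true) when a kubelet version string such as "v1.29.5" or
# "v1.30.2-eks-1234" is below the fixed release for its minor; exit 1 otherwise.
# Minors older than 1.28 never received a fix, so they count as vulnerable;
# minors newer than 1.30 shipped with the fix.
kubelet_is_vulnerable() {
    ver=${1#v}                 # strip leading "v"
    ver=${ver%%[-+]*}          # strip pre-release/build suffix
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    [ "$major" -eq 1 ] || return 1
    case "$minor" in
        28) [ "$patch" -lt 12 ] ;;
        29) [ "$patch" -lt 7 ] ;;
        30) [ "$patch" -lt 3 ] ;;
        *)  [ "$minor" -lt 28 ] ;;
    esac
}

# Reads "node-name kubelet-version" lines on stdin, reports each node still
# running a vulnerable kubelet on stderr, and prints the count on stdout.
count_vulnerable_nodes() {
    count=0
    while read -r node kver; do
        [ -n "$node" ] || continue
        if kubelet_is_vulnerable "$kver"; then
            echo "VULNERABLE: $node runs kubelet $kver" >&2
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Constructed sample in the shape produced by the kubectl command below.
SAMPLE_NODES='worker-a v1.28.11
worker-b v1.29.7
worker-c v1.30.2-eks-1234
control-plane v1.31.0'

if [ "${1:-}" = "--live" ]; then
    # Live cluster: .status.nodeInfo.kubeletVersion is the per-node kubelet
    # version ("kubectl version" only reports the client and API server).
    kubectl get nodes --no-headers \
        -o custom-columns='NAME:.metadata.name,KUBELET:.status.nodeInfo.kubeletVersion' \
        | count_vulnerable_nodes
    # Pods still mounting gitRepo volumes (the volume type named in the
    # mitigation advice); lines with a pod name but no repository are dropped.
    kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.metadata.name}{" "}{.spec.volumes[*].gitRepo.repository}{"\n"}{end}' \
        | awk 'NF > 1'
else
    # Offline run over the constructed sample: prints "2" (worker-a and worker-c).
    printf '%s\n' "$SAMPLE_NODES" | count_vulnerable_nodes
fi
```

Run it with no arguments to exercise the constructed sample, or with --live against a cluster. The check reads the kubelet version from each node object rather than from kubectl version, since the latter reports only the client and API server builds and says nothing about the kubelets actually running on the nodes.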
CVE-2024-10220 is a Remote Code Execution vulnerability in the Kubernetes kubelet component, allowing attackers to execute commands on affected nodes. It has a CVSS score of 8.1 (HIGH).
You are affected if you are running Kubernetes versions prior to 1.28.12. Check your cluster version and upgrade immediately if vulnerable.
Upgrade your Kubernetes cluster to version 1.28.12 or later. Implement network policies and harden kubelet configurations as interim measures.
While no public exploits are currently known, the vulnerability's severity and nature make it a likely target for exploitation. Continuous monitoring is crucial.
Refer to the official Kubernetes security announcements at https://kubernetes.io/security/advisories/