Platform
go
Component
k8s.io/kubernetes
Fixed in
1.28.12
1.29.7
1.30.3
1.28.12
1.28.12
1.28.12
CVE-2024-10220 is a critical Remote Code Execution (RCE) vulnerability discovered in the Kubernetes kubelet component. This flaw allows an attacker to execute arbitrary commands on the affected Kubernetes node, potentially leading to complete system compromise. The vulnerability impacts Kubernetes versions prior to 1.28.12, and a patch has been released to address the issue.
The impact of CVE-2024-10220 is severe. Successful exploitation allows an attacker to gain command execution on the Kubernetes node. This can be leveraged to steal sensitive data, install malware, disrupt services, or pivot to other nodes within the cluster. The blast radius extends to all workloads running on the compromised node, and depending on the node's role, could impact the entire Kubernetes cluster. This vulnerability shares similarities with previous kubelet vulnerabilities where improper input validation led to command injection, highlighting the importance of secure coding practices in Kubernetes components.
CVE-2024-10220 was publicly disclosed on November 27, 2024. The EPSS score is currently pending evaluation. While no public proof-of-concept (PoC) has been released at the time of writing, the nature of the vulnerability (RCE) makes it a high-priority target for exploitation. Monitor CISA and Kubernetes security advisories for updates and potential exploitation campaigns.
Exploit Status
EPSS
33.23% (97% percentile)
CVSS Vector
The primary mitigation for CVE-2024-10220 is to upgrade your Kubernetes cluster to version 1.28.12 or later. If immediate upgrading is not feasible, consider implementing network policies to restrict access to the kubelet API. Additionally, review and harden your kubelet configuration, ensuring that only authorized users and services can interact with it. Monitor kubelet logs for suspicious activity and consider implementing runtime security tools to detect and prevent unauthorized command execution. After upgrading, confirm the fix by attempting to reproduce the vulnerability and verifying that the kubelet API is properly secured.
Actualice kubelet a la última versión disponible que contenga la corrección para esta vulnerabilidad. Consulte los avisos de seguridad de Kubernetes para obtener detalles sobre las versiones corregidas. Evite el uso de volúmenes gitRepo no confiables.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-10220 is a Remote Code Execution vulnerability in the Kubernetes kubelet component, allowing attackers to execute commands on affected nodes. It has a CVSS score of 8.1 (HIGH).
You are affected if you are running Kubernetes versions prior to 1.28.12. Check your cluster version and upgrade immediately if vulnerable.
Upgrade your Kubernetes cluster to version 1.28.12 or later. Implement network policies and harden kubelet configurations as interim measures.
While no public exploits are currently known, the vulnerability's severity and nature make it a likely target for exploitation. Continuous monitoring is crucial.
Refer to the official Kubernetes security announcements at https://kubernetes.io/security/advisories/
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.