Platform
go
Component
k8s.io/kubernetes
Fixed in
1.28.12
1.29.7
1.30.3
CVE-2024-10220 is a critical Remote Code Execution (RCE) vulnerability discovered in the Kubernetes kubelet component. This flaw allows an attacker to execute arbitrary commands on the affected Kubernetes node, potentially leading to complete system compromise. The vulnerability impacts Kubernetes versions prior to 1.28.12, and a patch has been released to address the issue.
The impact of CVE-2024-10220 is severe. Successful exploitation allows an attacker to gain command execution on the Kubernetes node. This can be leveraged to steal sensitive data, install malware, disrupt services, or pivot to other nodes within the cluster. The blast radius extends to all workloads running on the compromised node, and depending on the node's role, could impact the entire Kubernetes cluster. This vulnerability shares similarities with previous kubelet vulnerabilities where improper input validation led to command injection, highlighting the importance of secure coding practices in Kubernetes components.
CVE-2024-10220 was publicly disclosed on November 27, 2024. The EPSS score is currently pending evaluation. While no public proof-of-concept (PoC) has been released at the time of writing, the nature of the vulnerability (RCE) makes it a high-priority target for exploitation. Monitor CISA and Kubernetes security advisories for updates and potential exploitation campaigns.
Organizations heavily reliant on Kubernetes for container orchestration are at significant risk. This includes cloud-native application deployments, microservices architectures, and any environment utilizing Kubernetes for managing containerized workloads. Specifically, clusters running older, unpatched versions of Kubernetes are particularly vulnerable.
• linux / server:
journalctl -u kubelet -g "arbitrary command execution"
• linux / server:
ps aux | grep kubelet | grep -i "malicious_command"
• generic web:
curl -I <kubelet_api_endpoint> | grep -i "CVE-2024-10220"
disclosure
Exploit status
EPSS
33.23% (97th percentile)
CVSS vector
The primary mitigation for CVE-2024-10220 is to upgrade your Kubernetes cluster to version 1.28.12 or later. If immediate upgrading is not feasible, consider implementing network policies to restrict access to the kubelet API. Additionally, review and harden your kubelet configuration, ensuring that only authorized users and services can interact with it. Monitor kubelet logs for suspicious activity and consider implementing runtime security tools to detect and prevent unauthorized command execution. After upgrading, confirm the fix by attempting to reproduce the vulnerability and verifying that the kubelet API is properly secured.
Upgrade kubelet to the latest available version that contains the fix for this vulnerability. Consult the Kubernetes security advisories for details on the fixed versions. Avoid using untrusted gitRepo volumes.
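As an added example (not code from this advisory page or from the Kubernetes project), the following Python check applies the guidance above from the defender's side: it flags nodes whose kubelet predates the fixed versions listed on this page and lists pods that mount gitRepo volumes. It assumes the fix was never backported below 1.28 and that 1.31 and later ship it; the `kubectl ... -o json` output it reads is a constructed sample.

```python
import json
import re
# Kubelet patch levels carrying the fix for CVE-2024-10220 (from this advisory page).
FIXED = {28: 12, 29: 7, 30: 3}

def kubelet_is_vulnerable(version: str) -> bool:
    """True if a kubelet version string (e.g. 'v1.28.11') predates the fix.
    Assumption: minors below 1.28 never received a backport; 1.31+ ship fixed."""
    m = re.match(r"v?1\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {version}")
    minor, patch = int(m.group(1)), int(m.group(2))
    if minor < 28:
        return True
    if minor > 30:
        return False
    return patch < FIXED[minor]

def vulnerable_nodes(nodes_json: str) -> list:
    """From 'kubectl get nodes -o json', list nodes whose kubelet predates the fix."""
    nodes = json.loads(nodes_json)["items"]
    return [n["metadata"]["name"] for n in nodes
            if kubelet_is_vulnerable(n["status"]["nodeInfo"]["kubeletVersion"])]

def gitrepo_pods(pods_json: str) -> list:
    """From 'kubectl get pods -A -o json', list (namespace, pod, repository)
    for every pod that mounts a gitRepo volume (the volume type behind this CVE)."""
    found = []
    for p in json.loads(pods_json)["items"]:
        for v in p["spec"].get("volumes", []):
            if "gitRepo" in v:
                found.append((p["metadata"]["namespace"], p["metadata"]["name"],
                              v["gitRepo"].get("repository", "")))
    return found

# Constructed sample kubectl output, trimmed to the fields used above.
NODES = json.dumps({"items": [
    {"metadata": {"name": "worker-a"}, "status": {"nodeInfo": {"kubeletVersion": "v1.28.11"}}},
    {"metadata": {"name": "worker-b"}, "status": {"nodeInfo": {"kubeletVersion": "v1.29.7"}}},
    {"metadata": {"name": "worker-c"}, "status": {"nodeInfo": {"kubeletVersion": "v1.27.16"}}},
]})
PODS = json.dumps({"items": [
    {"metadata": {"namespace": "dev", "name": "builder"},
     "spec": {"volumes": [{"name": "src", "gitRepo": {"repository": "https://example.invalid/app.git"}}]}},
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "api-cfg"}}]}},
]})
if __name__ == "__main__":
    print("vulnerable kubelets:", vulnerable_nodes(NODES))
    print("pods using gitRepo volumes:", gitrepo_pods(PODS))
```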
CVE-2024-10220 is a Remote Code Execution vulnerability in the Kubernetes kubelet component, allowing attackers to execute commands on affected nodes. It has a CVSS score of 8.1 (HIGH).
You are affected if you are running Kubernetes versions prior to 1.28.12. Check your cluster version and upgrade immediately if vulnerable.
Upgrade your Kubernetes cluster to version 1.28.12 or later. Implement network policies and harden kubelet configurations as interim measures.
While no public exploits are currently known, the vulnerability's severity and nature make it a likely target for exploitation. Continuous monitoring is crucial.
Refer to the official Kubernetes security announcements at https://kubernetes.io/security/advisories/