
CVE-2024-9042 – kubelet: Command Injection affecting Windows nodes via nodes/*/logs/query API
https://notcve.org/view.php?id=CVE-2024-9042
28 Feb 2025 — This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. A flaw was found in Kubernetes Windows nodes. This vulnerability allows a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/kubernetes/kubernetes/issues/129654 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-1767 – openSUSE Security Advisory - openSUSE-SU-2025:14924-1
https://notcve.org/view.php?id=CVE-2025-1767
28 Feb 2025 — This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/kubernetes/kubernetes/pull/130786 • CWE-20: Improper Input Validation •

CVE-2025-0426 – k8s.io/kubernetes: kubelet: node denial of service via kubelet checkpoint API
https://notcve.org/view.php?id=CVE-2025-0426
13 Feb 2025 — A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. A flaw was found in Kubernetes. A large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may fill the Node's disk, potentially leading to a Node denial of service. These are all security issues fixed in the kubernetes1.30-apiserver-1.30.1... • https://github.com/kubernetes/kubernetes/issues/130016 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-10220 – Arbitrary command execution through gitRepo volume
https://notcve.org/view.php?id=CVE-2024-10220
22 Nov 2024 — The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. • https://github.com/mochizuki875/CVE-2024-10220-githooks • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •