
CVE-2025-1767 – openSUSE Security Advisory - openSUSE-SU-2025:14924-1
https://notcve.org/view.php?id=CVE-2025-1767
28 Feb 2025 — This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/kubernetes/kubernetes/pull/130786 • CWE-20: Improper Input Validation •

CVE-2024-9042 – kubelet: Command Injection affecting Windows nodes via nodes/*/logs/query API
https://notcve.org/view.php?id=CVE-2024-9042
28 Feb 2025 — This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. A flaw was found in Kubernetes Windows nodes. This vulnerability allows a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. These are all security issues fixed in the govulncheck-vulndb-0.0.20250327T184518-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/kubernetes/kubernetes/issues/129654 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-10220 – Arbitrary command execution through gitRepo volume
https://notcve.org/view.php?id=CVE-2024-10220
22 Nov 2024 — The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. These are all security issues fixed in the govulncheck-vulndb-0.0.20241209T183251-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/mochizuki875/CVE-2024-10220-githooks • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •