High severity8.1OSV Advisory· Published Nov 22, 2024· Updated Jun 17, 2026
CVE-2024-10220
CVE-2024-10220
Description
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/kubernetesGo | < 1.28.12 | 1.28.12 |
k8s.io/kubernetesGo | >= 1.29.0, < 1.29.7 | 1.29.7 |
k8s.io/kubernetesGo | >= 1.30.0, < 1.30.3 | 1.30.3 |
Affected products
57- Range: v0.13.1-dev, v0.17.0, v1.1.0-alpha.0, …
- osv-coords56 versionspkg:apk/chainguard/argocd-image-updaterpkg:apk/chainguard/argocd-image-updater-fipspkg:apk/chainguard/aws-efs-csi-driverpkg:apk/chainguard/aws-efs-csi-driver-fipspkg:apk/chainguard/gpu-feature-discoverypkg:apk/chainguard/ip-masq-agentpkg:apk/chainguard/kubeflow-pipelinespkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-pipelines-cache-deployerpkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compatpkg:apk/chainguard/kubeflow-pipelines-cache_serverpkg:apk/chainguard/kubeflow-pipelines-frontendpkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-configpkg:apk/chainguard/kubeflow-pipelines-metadata-writerpkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compatpkg:apk/chainguard/kubeflow-pipelines-persistence_agentpkg:apk/chainguard/kubeflow-pipelines-scheduledworkflowpkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controllerpkg:apk/chainguard/kubernetes-dns-node-cachepkg:apk/chainguard/kubernetes-dns-node-cache-fipspkg:apk/chainguard/local-static-provisionerpkg:apk/chainguard/local-static-provisioner-compatpkg:apk/chainguard/local-static-provisioner-fipspkg:apk/chainguard/local-static-provisioner-fips-compatpkg:apk/chainguard/local-volume-node-cleanuppkg:apk/chainguard/local-volume-node-cleanup-compatpkg:apk/chainguard/local-volume-node-cleanup-fipspkg:apk/chainguard/local-volume-node-cleanup-fips-compatpkg:apk/chainguard/nodetaintpkg:apk/chainguard/rancher-webhook-0.4pkg:apk/chainguard/rancher-webhook-fips-0.4pkg:apk/chainguard/rancher-webhook-fips-0.5pkg:apk/wolfi/argocd-image-updaterpkg:apk/wolfi/aws-efs-csi-driverpkg:apk/wolfi/gpu-feature-discoverypkg:apk/wolfi/ip-masq-agentpkg:apk/wolfi/kubeflow-pipelinespkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-pipelines-cache-deployerpkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compatpkg:apk/wolfi/kubeflow-pipelines-cache_serverpkg:apk/wolfi/kubeflow-pipelines-frontendpkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-configpkg:apk/wolfi/kubeflow-pipelines-metadata-writerpkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compatpkg:apk/wolfi/kubeflow-pipelines-persistence_agentpkg:apk/wolfi/kubeflow-pipelines-scheduledworkflowpkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controllerpkg:apk/wolfi/kubernetes-dns-node-cachepkg:apk/wolfi/local-static-provisionerpkg:apk/wolfi/local-static-provisioner-compatpkg:apk/wolfi/local-volume-node-cleanuppkg:apk/wolfi/local-volume-node-cleanup-compatpkg:apk/wolfi/nodetaintpkg:golang/k8s.io/kubernetespkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0.17.0-r1+ 55 more
- (no CPE)range: < 0.17.0-r1
- (no CPE)range: < 0.17.0-r2
- (no CPE)range: < 2.1.2-r0
- (no CPE)range: < 2.1.2-r0
- (no CPE)range: < 0.8.2-r6
- (no CPE)range: < 2.12.0-r0
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 1.23.1-r5
- (no CPE)range: < 1.23.1-r4
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r1
- (no CPE)range: < 2.7.0-r1
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r1
- (no CPE)range: < 2.7.0-r1
- (no CPE)range: < 0.0.4-r23
- (no CPE)range: < 0.4.18-r2
- (no CPE)range: < 0.4.18-r4
- (no CPE)range: < 0.5.11-r0
- (no CPE)range: < 0.17.0-r1
- (no CPE)range: < 2.1.2-r0
- (no CPE)range: < 0.8.2-r6
- (no CPE)range: < 2.12.0-r0
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 1.23.1-r5
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 2.7.0-r8
- (no CPE)range: < 0.0.4-r23
- (no CPE)range: < 1.28.12
- (no CPE)range: < 0.0.20241209T183251-1.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-27wf-5967-98gxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-10220ghsaADVISORY
- www.openwall.com/lists/oss-security/2024/11/20/1nvdWEB
- github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29bghsaWEB
- github.com/kubernetes/kubernetes/issues/128885nvdWEB
- groups.google.com/g/kubernetes-security-announce/c/ptNgV5NeckonvdWEB
- pkg.go.dev/vuln/GO-2024-3286ghsaWEB
News mentions
0No linked articles in our index yet.