Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-10220 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | openEuler (operating system); packages: kubernetes-node, kubernetes-master, kubernetes-kubelet, kubernetes-kubeadm, kubernetes-help, kubernetes-client, kubernetes |
Vendor | openEuler |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU101778
Risk: Medium
CVSSv4.0: 8.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-10220
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description: The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation when handling gitRepo volumes. A remote user with the ability to create a pod and attach a gitRepo volume to it can execute arbitrary commands beyond the container boundary.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions: openEuler: 20.03 LTS SP4 - 24.03 LTS
kubernetes-node: before 1.20.2-26
kubernetes-master: before 1.20.2-26
kubernetes-kubelet: before 1.20.2-26
kubernetes-kubeadm: before 1.20.2-26
kubernetes-help: before 1.20.2-26
kubernetes-client: before 1.20.2-26
kubernetes: before 1.20.2-26
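Because the attack path in this bulletin starts with a pod that declares a gitRepo volume, a defender's first task after patching is to find every workload that still uses one. The following audit is an added example, not code from openEuler or Kubernetes: it uses only the Python standard library, reads the JSON that `kubectl get pods,deploy,sts,ds,jobs,cronjobs -A -o json` emits, and walks Pods, templated workloads and CronJobs for gitRepo volumes. The sample object list and the example.invalid repository URLs are constructed for the demonstration.

```python
import json

# Workload kinds whose PodSpec sits under spec.template.spec.
TEMPLATE_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec_of(obj: dict) -> dict:
    """Return the PodSpec embedded in a Pod, templated workload or CronJob ({} if none)."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind in TEMPLATE_KINDS:
        return (spec.get("template") or {}).get("spec") or {}
    if kind == "CronJob":  # CronJob -> jobTemplate -> template -> PodSpec
        job = (spec.get("jobTemplate") or {}).get("spec") or {}
        return (job.get("template") or {}).get("spec") or {}
    return {}


def gitrepo_volumes(obj: dict) -> list:
    """(volume name, repository) for every gitRepo volume the object declares."""
    found = []
    for vol in pod_spec_of(obj).get("volumes") or []:
        git = vol.get("gitRepo")
        if git is not None:  # any gitRepo volume is a finding, whatever the repository
            found.append((vol.get("name", "<unnamed>"), git.get("repository", "")))
    return found


def audit(manifests_json: str) -> list:
    """Findings as 'namespace/Kind/name volume=<name> repo=<url>' for a List or single object."""
    doc = json.loads(manifests_json)
    items = (doc.get("items") or []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        meta = obj.get("metadata") or {}
        for name, repo in gitrepo_volumes(obj):
            findings.append(f"{meta.get('namespace', 'default')}/{obj.get('kind')}/"
                            f"{meta.get('name')} volume={name} repo={repo}")
    return findings


# Constructed sample (kubectl -o json shape): Pod with gitRepo, Deployment without, CronJob with.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "team-a"},
     "spec": {"volumes": [{"name": "src", "gitRepo": {"repository": "https://example.invalid/app.git"}}]}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "team-a"},
     "spec": {"template": {"spec": {"volumes": [{"name": "tmp", "emptyDir": {}}]}}}},
    {"kind": "CronJob", "metadata": {"name": "sync", "namespace": "ops"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"volumes": [
         {"name": "repo", "gitRepo": {"repository": "https://example.invalid/tools.git"}}]}}}}}},
]})
```

Run `audit()` over the live cluster export and treat every finding as a workload to migrate to an init container (or another supported volume type) in addition to installing the fixed packages.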
CPE2.3:
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2532
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.