VDB
AZL-53652
PUBLISHED
CVSS 9.3 CRITICAL
CVE-2024-10220 affecting package kubernetes for versions less than 1.28.4-14
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:2 | kubernetes | 0, 0 |
Exploit Intelligence
- orgC/CVE-2024-10220-demo (github-poc-repo)
- CVE-2024-10220 reveals a critical flaw in Kubernetes’ deprecated gitRepo volume type, allowing attackers to execute arbitrary commands via malicious .hooks scripts. The article explains how this breaks container isolation and offers exploit code, automation examples, and mitigation guidance (github-poc-repo)
- saleha-muzammil/cve-2024-10220-git-on-git (github-poc-repo)
- Testing CVE-2024-10220 for HPC security research (github-poc-repo)
- Testing CVE-2024-10220 for HPC security research (github-poc)
- saleha-muzammil/cve-2024-10220-git-on-git (github-poc)
- CVE-2024-10220 reveals a critical flaw in Kubernetes’ deprecated gitRepo volume type, allowing attackers to execute arbitrary commands via malicious .hooks scripts. The article explains how this breaks container isolation and offers exploit code, automation examples, and mitigation guidance (github-poc)
- orgC/CVE-2024-10220-demo (github-poc)
- CVE-2024-10220 POC (github-poc)
- filipzag/CVE-2024-10220 (github-poc)
…and 6 more exploits
Timeline
- Nov 22, 2024 CVE Published
- Apr 21, 2026 CVE Updated