Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-9042

Good to know:

icon

Date: March 13, 2025

A security vulnerability has been discovered in Kubernetes windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This issue affects kubelet through v1.29.12, v1.30.0 to v1.30.8, v1.31.0 to v1.31.4 and v1.32.0.

Severity Score

Related Resources (12)

https://seclists.org/oss-sec/2025/q1/23
https://github.com/kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
https://github.com/advisories/GHSA-vv39-3w5q-974q
http://www.openwall.com/lists/oss-security/2025/01/16/1
https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
https://nvd.nist.gov/vuln/detail/CVE-2024-9042
https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
https://github.com/kubernetes/kubernetes/issues/129654
https://www.mend.io/vulnerability-database/CVE-2024-9042

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version k8s.io/kubernetes - v1.29.13;k8s.io/kubernetes - v1.30.9;k8s.io/kubernetes - v1.31.5;k8s.io/kubernetes - v1.32.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us