
We found results for “”
CVE-2024-9042
Good to know:

Date: March 13, 2025
A security vulnerability has been discovered in Kubernetes windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This issue affects kubelet through v1.29.12, v1.30.0 to v1.30.8, v1.31.0 to v1.31.4 and v1.32.0.
Severity Score
Related Resources (12)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version k8s.io/kubernetes - v1.29.13;k8s.io/kubernetes - v1.30.9;k8s.io/kubernetes - v1.31.5;k8s.io/kubernetes - v1.32.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |