CVE-2024-10220

HIGH

Kubernetes <1.28.11, 1.29.0-1.29.6, 1.30.0-1.30.2 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2024-10220. PoCs published by mrk336, mochizuki875, imohammed28.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-10220, a Kubernetes gitRepo volume vulnerability allowing arbitrary command execution via malicious .hooks scripts. It includes a Python exploit PoC and deployment examples via Terraform/Ansible, but lacks functional exploit code.

Description

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

Exploits (8)

nomisec WRITEUP 1 stars
by mrk336 · poc
https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability

The repository provides a detailed technical analysis of CVE-2024-10220, a Kubernetes gitRepo volume vulnerability allowing arbitrary command execution via malicious .hooks scripts. It includes a Python exploit PoC and deployment examples via Terraform/Ansible, but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Kubernetes (gitRepo volume type, versions 1.27.x)
Auth required
Prerequisites: Ability to create pods with gitRepo volumes · Access to a vulnerable Kubernetes cluster (1.27.x)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by mochizuki875 · poc
https://github.com/mochizuki875/CVE-2024-10220-githooks

This repository demonstrates CVE-2024-10220, a vulnerability in Kubernetes GitRepo volumes that allows arbitrary file write via malicious Git hooks during repository cloning. The provided YAML deploys a Pod with a GitRepo volume pointing to a crafted repository, triggering the exploit.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kubernetes (versions affected by CVE-2024-10220)
Auth required
Prerequisites: Kubernetes cluster access · Permission to create Pods with GitRepo volumes
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by imohammed28 · poc
https://github.com/imohammed28/cve-2024-10220-test

This repository contains a functional proof-of-concept exploit for CVE-2024-10220, targeting Kubernetes gitRepo volumes to achieve arbitrary command execution on nodes. The exploit uses malicious Git hooks to demonstrate the vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Kubernetes kubelet gitRepo volumes
No auth needed
Prerequisites: Access to a Kubernetes cluster with gitRepo volumes enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec STUB
by candranapits · poc
https://github.com/candranapits/poc-CVE-2024-10220

The repository contains only a minimal README with no exploit code, technical details, or functional proof-of-concept. It is a placeholder with no substantive content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.1
EPSS 0.3957
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (8)
k8s.io/kubernetes 0 - 1.28.12Go
Kubernetes/kubelet < 1.28.11
Kubernetes/kubelet 1.28.12
Kubernetes/kubelet 1.29.0 - 1.29.6
Kubernetes/kubelet 1.29.7
Kubernetes/kubelet 1.30.0 - 1.30.2
Kubernetes/kubelet 1.30.3
Kubernetes/kubelet 1.31.0
Published Nov 22, 2024
Tracked Since Feb 18, 2026