2337297 – (CVE-2024-9042) CVE-2024-9042 kubelet: Command Injection affecting Windows nodes via nodes/*/logs/query API

Bug 2337297 (CVE-2024-9042) - CVE-2024-9042 kubelet: Command Injection affecting Windows nodes via nodes/*/logs/query API

Summary: CVE-2024-9042 kubelet: Command Injection affecting Windows nodes via nodes/*/...

Keywords:
Status:	NEW
Alias:	CVE-2024-9042
Deadline:	2025-01-15
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-13 06:11 UTC by OSIDB Bzimport
Modified:	2025-04-22 13:21 UTC (History)
CC List:	41 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-01-13 06:11:59 UTC

Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system.

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Affected Versions
  *   v1.32.0
  *   v1.31.0 to v1.31.4
  *   v1.30.0 to v1.30.8
  *   <=v1.29.12
To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs.

Note You need to log in before you can comment on or make changes to this bug.

alcohan
amctagga
anjoseph
danken
dfreiber
drow
dymurray
eglynn
fdeutsch
gparvin
jaharrin
jburrell
jeder
jforrest
jjoyce
jkoehler
jmatthew
jprabhak
jschluet
lhh
lphiri
lsvaty
mburns
mgarciac
mwringe
njean
nobody
oramraz
owatkins
pahickey
pgrist
rhaigner
rjohnson
sakbas
security-response-team
smullick
stirabos
thason
vkumar
whayutin
wtam