GHSA-vv39-3w5q-974q

Source
https://github.com/advisories/GHSA-vv39-3w5q-974q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-vv39-3w5q-974q/GHSA-vv39-3w5q-974q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vv39-3w5q-974q
Aliases
  • CVE-2024-9042
Published
2025-03-13T18:32:22Z
Modified
2025-03-13T21:39:13.255232Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
Details

A security vulnerability has been discovered in Kubernetes Windows nodes that could allow a user with the ability to query a node's '/logs' endpoint (the kubelet log query API, reachable as nodes/*/logs/query) to execute arbitrary commands on the host. The CVSS vector reflects this: the attacker must already hold the privileges needed to query that endpoint (PR:H). This CVE affects only Windows worker nodes; Linux nodes are not affected. A worker node is vulnerable if it is running one of the affected kubelet versions listed under Affected packages below.
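As an added check (not code from the advisory or from the Kubernetes project), the following Go program takes the JSON produced by `kubectl get nodes -o json`, reads each node's `status.nodeInfo.kubeletVersion` and `status.nodeInfo.operatingSystem`, and reports the Windows nodes whose kubelet falls inside the affected ranges listed on this page. The node list embedded at the bottom is constructed sample input, not real cluster output. The version comparison is deliberately conservative: a distro suffix after '-' (for example a vendor build tag) is treated as a pre-release and therefore as older than the plain release. It checks versions only; it does not tell you whether the log query API is actually reachable on a node, which additionally depends on the kubelet's NodeLogQuery feature gate and on who holds the RBAC rights to proxy to the node.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Fixed kubelet versions from the advisory, keyed by minor release.
// 1.28 and earlier have no fix in the listed ranges and are all affected;
// 1.33 and later were never inside an affected range.
var fixedPatch = map[int]int{29: 13, 30: 9, 31: 5, 32: 1}

// Version is a parsed kubelet version.
type Version struct {
	Major, Minor, Patch int
	Pre                 bool // a pre-release suffix such as "-alpha.0" or "-rc.1" was present
}

// parseVersion parses strings like "v1.31.4", "1.32.0-rc.1" or "v1.30.9+k3s1".
// Build metadata after '+' is ignored; anything after '-' is treated as a
// pre-release tag, which is conservative for vendor suffixes (assumption).
func parseVersion(s string) (Version, error) {
	var v Version
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i]
	}
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.Pre = true
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("unexpected version format %q", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return v, fmt.Errorf("bad component %q in %q: %w", p, s, err)
		}
		nums[i] = n
	}
	v.Major, v.Minor, v.Patch = nums[0], nums[1], nums[2]
	return v, nil
}

// isAffected reports whether v lies inside one of the advisory's affected
// ranges (introduced 0 / fixed 1.29.13, then each minor up to its fix).
func isAffected(v Version) bool {
	switch {
	case v.Major < 1 || (v.Major == 1 && v.Minor < 29):
		return true
	case v.Major > 1:
		return false
	}
	fixed, ok := fixedPatch[v.Minor]
	if !ok {
		return false // 1.33+ are outside every affected range
	}
	if v.Patch < fixed {
		return true
	}
	// A pre-release of the fixing patch (e.g. 1.32.1-rc.0) sorts before the fix.
	return v.Patch == fixed && v.Pre
}

// nodeList covers just the fields of `kubectl get nodes -o json` we need.
type nodeList struct {
	Items []struct {
		Metadata struct {
			Name string `json:"name"`
		} `json:"metadata"`
		Status struct {
			NodeInfo struct {
				KubeletVersion  string `json:"kubeletVersion"`
				OperatingSystem string `json:"operatingSystem"`
			} `json:"nodeInfo"`
		} `json:"status"`
	} `json:"items"`
}

// vulnerableNodes returns the names of Windows nodes whose kubelet version is
// inside an affected range. Non-Windows nodes are skipped: the CVE affects
// only Windows worker nodes.
func vulnerableNodes(raw []byte) ([]string, error) {
	var list nodeList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var out []string
	for _, n := range list.Items {
		info := n.Status.NodeInfo
		if !strings.EqualFold(info.OperatingSystem, "windows") {
			continue
		}
		v, err := parseVersion(info.KubeletVersion)
		if err != nil {
			return nil, fmt.Errorf("node %s: %w", n.Metadata.Name, err)
		}
		if isAffected(v) {
			out = append(out, n.Metadata.Name)
		}
	}
	return out, nil
}

// sampleNodes is constructed input in the shape of `kubectl get nodes -o json`;
// it is not output from a real cluster.
const sampleNodes = `{"items":[
 {"metadata":{"name":"win-a"},"status":{"nodeInfo":{"kubeletVersion":"v1.31.4","operatingSystem":"windows"}}},
 {"metadata":{"name":"win-b"},"status":{"nodeInfo":{"kubeletVersion":"v1.32.1","operatingSystem":"windows"}}},
 {"metadata":{"name":"win-c"},"status":{"nodeInfo":{"kubeletVersion":"v1.28.15","operatingSystem":"windows"}}},
 {"metadata":{"name":"linux-a"},"status":{"nodeInfo":{"kubeletVersion":"v1.30.2","operatingSystem":"linux"}}}
]}`

func main() {
	names, err := vulnerableNodes([]byte(sampleNodes))
	if err != nil {
		panic(err)
	}
	fmt.Println("Windows nodes on affected kubelet versions:", names)
}
```

To run it against a live cluster, replace the embedded sample with the bytes of `kubectl get nodes -o json`. A node that is reported here is only confirmed vulnerable once you also confirm the log query API is enabled on its kubelet.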

Database specific
{
    "nvd_published_at": "2025-03-13T17:15:34Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-77"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-13T21:24:12Z"
}
References

Affected packages

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.29.13

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.30.0-alpha.0
Fixed
1.30.9

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.31.0-alpha.0
Fixed
1.31.5

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.32.0-alpha.0
Fixed
1.32.1