Kubernetes GitRepo Volume Vulnerability Allows Unauthorized Access to Local Repositories

Vulnerability

A vulnerability exists in Kubernetes clusters using the deprecated in-tree gitRepo volume feature, which allows cloning of git repositories from other pods on the same node. This issue affects all Kubernetes versions and could enable a user with pod creation permissions to access local git repositories of other pods.

Impact

Exploitation of this vulnerability could lead to unauthorized access to local git repositories of other pods on the same node.

Remediation

To address this vulnerability, use an init container to perform the git clone operation and mount the directory into the pod's container. Additionally, restrict the use of gitRepo volumes in the cluster using ValidatingAdmissionPolicy or the Restricted pod security standard policy.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 4.8
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.