{"id":"CVE-2025-1767","details":"This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.","aliases":["GHSA-3wgm-2gw2-vh5m","GO-2025-3521"],"modified":"2026-05-18T05:58:03.828450598Z","published":"2025-03-13T16:40:42.663Z","related":["CGA-6r94-fg49-6632","openSUSE-SU-2025:14924-1","openSUSE-SU-2025:14925-1","openSUSE-SU-2025:14926-1","openSUSE-SU-2025:14927-1","openSUSE-SU-2025:14937-1"],"database_specific":{"cwe_ids":["CWE-20"],"cna_assigner":"kubernetes","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1767.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/03/13/9"},{"type":"WEB","url":"https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1767.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1767"},{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/pull/130786"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"0"},{"last_affected":"67a30c0adcf52bd3f56ff0893ce19966be12991f"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"v1.32.2"}],"source":"AFFECTED_FIELD"}}],"versions":["v1.32.2","v1.33.0-alpha.0","v1.32.1","v1.32.0","v1.32.0-rc.2","v1.32.0-rc.1","v1.32.0-rc.0","v1.32.0-beta.0","v1.32.0-alpha.3","v1.32.0-alpha.2","v1.32.0-alpha.1","v1.32.0-alpha.0","v1.31.0-beta.0","v1.31.0-alpha.3","v1.31.0-alpha.2","v1.31.0-alpha.1","v1.31.0-alpha.0","v1.30.0-beta.0","v1.30.0-alpha.0","v1.30.0-alpha.3","v1.30.0-alpha.2","v1.30.0-alpha.1","v1.29.0-alpha.3","v1.29.0-alpha.2","v1.29.0-alpha.1","v1.28.0-beta.0","v1.29.0-alpha.0","v1.28.0-alpha.4","v1.28.0-alpha.3","v1.28.0-alpha.2","v1.28.0-alpha.1","v1.28.0-alpha.0","v1.27.0-beta.0","v1.27.0-alpha.3","v1.27.0-alpha.2","v1.27.0-alpha.1","v1.27.0-alpha.0","v1.26.0-beta.0","v1.26.0-alpha.3","v1.26.0-alpha.2","v1.26.0-alpha.1","v1.26.0-alpha.0","v1.25.0-beta.0","v1.25.0-alpha.3","v1.25.0-alpha.2","v1.25.0-alpha.0","v1.25.0-alpha.1","v1.24.0-beta.0","v1.24.0-alpha.4","v1.24.0-alpha.3","v1.24.0-alpha.2","v1.24.0-alpha.1","v1.24.0-alpha.0","v1.23.0-alpha.4","v1.23.0-alpha.3","v1.23.0-alpha.2","v1.23.0-alpha.1","v1.23.0-alpha.0","v1.22.0-beta.2","v1.22.0-beta.1","v1.22.0-beta.0","v1.22.0-alpha.3","v1.22.0-alpha.2","v1.22.0-alpha.1","v1.22.0-alpha.0","v1.21.0-beta.1","v1.21.0-beta.0","v1.21.0-alpha.3","v1.21.0-alpha.2","v1.21.0-alpha.1","v1.21.0-alpha.0","v1.20.0-beta.2","v1.20.0-beta.1","v1.20.0-beta.0","v1.20.0-alpha.3","v1.20.0-alpha.2","v1.20.0-alpha.1","v1.20.0-alpha.0","v1.19.0-beta.2","v1.19.0-beta.1","v1.19.0-beta.0","v1.19.0-alpha.3","v1.19.0-alpha.2","v1.19.0-alpha.1","v1.19.0-alpha.0","v1.18.0-alpha.5","v1.18.0-alpha.4","v1.18.0-alpha.2","v1.18.0-alpha.1","v1.18.0-alpha.0","v1.17.0-alpha.3","v1.17.0-alpha.1","v1.17.0-alpha.2","v1.17.0-alpha.0","v1.16.0-alpha.3","v1.16.0-alpha.2","v1.16.0-alpha.1","v1.16.0-alpha.0","v1.15.0-alpha.3","v1.15.0-alpha.2","v1.15.0-alpha.1","v1.14.0-alpha.3","v1.15.0-alpha.0","v1.14.0-alpha.2","v1.14.0-alpha.1","v1.14.0-alpha.0","v1.13.0-alpha.3","v1.13.0-alpha.2","v1.13.0-alpha.1","v1.13.0-alpha.0","v1.12.0-alpha.1","v1.12.0-alpha.0","v1.11.0-alpha.2","v1.11.0-alpha.1","v1.11.0-alpha.0","v1.10.0-alpha.3","v1.10.0-alpha.2","v1.10.0-alpha.1","v1.9.0-alpha.3","v1.10.0-alpha.0","v1.9.0-alpha.2","v1.9.0-alpha.1","v1.9.0-alpha.0","v1.8.0-alpha.3","v1.8.0-alpha.2","v1.8.0-alpha.0","v1.8.0-alpha.1","v1.7.0-alpha.4","v1.7.0-alpha.3","v1.7.0-alpha.2","v1.7.0-alpha.1","v1.7.0-alpha.0","v1.6.0-alpha.3","v1.6.0-alpha.2","v1.6.0-alpha.1","v1.6.0-alpha.0","v1.5.0-alpha.2","v1.5.0-alpha.1","v1.5.0-alpha.0","v1.4.0-alpha.3","v1.4.0-alpha.1","v1.4.0-alpha.2","v1.3.0-alpha.5","v1.3.0-alpha.4","v1.3.0-alpha.3","v1.3.0-alpha.1","v1.3.0-alpha.2","v1.3.0-alpha.0","v1.2.0-alpha.8","v1.2.0-alpha.7","v1.2.0-alpha.6","v1.2.0-alpha.5","v1.2.0-alpha.4","v1.2.0-alpha.3","v1.2.0-alpha.2","v1.2.0-alpha.1","v1.1.0-alpha.1","v1.1.0-alpha.0","v0.17.0","v0.13.1-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1767.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}]}