CVE-2024-9042

Published Mar 13, 2025

Last updated 9 days ago

CVSS medium 5.9
Container Security

Overview

Description
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
Source
jordan@liggitt.net
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.9
Impact score
5.2
Exploitability score
0.7
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending

  1. SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation https://t.co/3y76bhJlai https://t.co/GTjkepfwpB

    @sans_isc

    11 Dec 2025

    1405 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  2. Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) https://t.co/OyVjQhNgrn https://t.co/32AO57uIGb

    @sans_isc

    10 Dec 2025

    1042 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-9042 🟠 MEDIUM (5.9) 🏢 Kubernetes - Kubelet 🏗️ <=v1.29.12 🔗 https://t.co/s8rb7blQx2 🔗 https://t.co/RWSAxwkpRO 🚨 CVE-2025-1767 🟠 MEDIUM (6.5) 🏢 Kubernetes - Kubelet 🏗️ <=v1.32.2 🔗 https://t.co/fdCJdY5xAl 🔗 https://t.co/pmz96tY8ia https://t.co/FCNJ8rT55

    @gothburz

    14 Mar 2025

    78 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-9042 This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. https://t.co/XLMLm0P3Xh

    @CVEnew

    13 Mar 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #Akamai 最新ブログ:Kubernetes のログクエリーにおけるコマンドインジェクション Akamai のセキュリティリサーチャーが #Kubernetes の脆弱性(CVE ID:CVE-2024-9042)を発見 https://t.co/ffMHHKVavX https://t.co/66LPGpR2u9

    @akamai_jp

    19 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/RtHUsJIr3R https://t.co/oUDlpP9tkF

    @FrederickAltro1

    14 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/WLLiRKo9fr https://t.co/tiq9hnPSuw

    @epichol

    11 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/Wf0ajAFRN4 https://t.co/F8TB2omS9S

    @JohnyBradshaw

    9 Feb 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/AmfkSN8Swj https://t.co/DRbIDyuwJL

    @kajka96

    6 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/r4gOf3wVUo https://t.co/ExuBxYilbr

    @joey_linode

    3 Feb 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/byDhV1U0db https://t.co/S4NwdkKOW7

    @britorodrigo

    31 Jan 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/LOYuvlTtjr https://t.co/XGMN0psKLg

    @RaghuNain

    30 Jan 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/w5bggEvZsA https://t.co/HOn2z8Nbdq

    @Jrenou

    30 Jan 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/TCNfY4k8zV https://t.co/OtczEpuIHB

    @ArminBolenius

    30 Jan 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. .@Akamai's Tomer Peled uncovered CVE-2024-9042: a critical Kubernetes vulnerability enabling RCE on Windows endpoints. Urgent patching is needed to secure systems. Learn more. @techzine #AkamaiSecurity https://t.co/NTSYzTvpa9 https://t.co/eqEv3fQ6s1

    @AngeloAkamai

    30 Jan 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-9042 - Instead of taking the time to "patch your shit" take the time to try out nanos unikernels and never deal with this crap again. https://t.co/fFsjkSvxbG

    @nanovms

    27 Jan 2025

    188 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Kubernetes の Windows Nodes の脆弱性 CVE-2024-9042:任意のコード実行の可能性 https://t.co/y9os5n3vfF Kubernetes の Kubelet コンポーネントに存在する脆弱性が FIX しました。この脆弱性は、Windows Worker Nodes に固有のものとのことですので、そのあたりもご確認ください。 #Container… https://t.co/iJBhrCKKx4

    @iototsecnews

    27 Jan 2025

    30 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Kubernetes の Windows Nodes の脆弱性 CVE-2024-9042:任意のコード実行の可能性 https://t.co/y9os5n3vfF Kubernetes の Kubelet コンポーネントに存在する脆弱性が FIX しました。この脆弱性は、Windows Worker Nodes に固有のものとのことですので、そのあたりもご確認ください。 #Container… https://t.co/XtLasNoQRr

    @iototsecnews

    27 Jan 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Una vulnerabilidad crítica en Kubernetes, designada como CVE-2024-9042, permite a los atacantes ejecutar código remoto con privilegios de SISTEMA en todos los nodos de Windows dentro de un clúster, afectando a la nueva función de registro beta llamada “Log Query”. 🧉 https://t.c

    @MarquisioX

    25 Jan 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2024-9042允许攻击者通过k8s api server 的/log接口在windows node上执行任意命令,原因是Windows上的某些log操作是通过运行Powershell实现的,会被注入:https://t.co/Uraxzvacza 这个实现也太糙了。

    @spacewander_lzx

    24 Jan 2025

    776 Impressions

    1 Retweet

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  21. ⚠️ [Security Advisory] CVE-2024-9042 ⚠️ Pay attention to A security vulnerability has been discovered in K8s Windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. https://t.co/6mmwp4XqaZ

    @cloudnativeboy

    20 Jan 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. #exploit 1. CVE-2024-9042: Command Injection in Windows Kubernetes Nodes https://t.co/KIe2o20Kv9 2. CVE-2024-38041: Exploiting MS Kernel Applocker Driver https://t.co/CyVTYgwnb7

    @ksg93rd

    18 Jan 2025

    135 Impressions

    1 Retweet

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  23. The Kubernetes Security Response Committee has published an advisory for CVE-2024-9042, affecting Windows worker nodes querying the /logs endpoint. Iain Smart, Principal Security Consultant at AmberWolf, reproduced the issue & shared detection insights in our latest blog.

    @AmberWolfSec

    17 Jan 2025

    2410 Impressions

    4 Retweets

    6 Likes

    3 Bookmarks

    1 Reply

    1 Quote

  24. CVE-2024-9042 impacts Kubernetes Windows Worker Nodes #CVE-2024-9042 #Kubernetes https://t.co/FNQT1ahEV0

    @pravin_karthik

    17 Jan 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2024-9042 [kubernetes] CVE-2024-9042 https://t.co/9OQwGC4tg2

    @VulmonFeeds

    16 Jan 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. A big #kubernetes vulnerability (CVE-2024-9042) discovered in windows worker nodes: The flaw enables attackers to execute arbitrary commands on the host machine by exploiting the node’s /logs endpoint. The fix has been pushed in latest v1.29.13 update. Please do update..… htt

    @9wxg1

    16 Jan 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CVE-2024-9042: Kubernetes: Command Injection affecting Windows nodes via nodes/*/logs/query API https://t.co/OYpspoKXnT

    @oss_security

    16 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-9042: Code Execution Vulnerability Found in Kubernetes Windows Nodes Secure your Kubernetes clusters running Windows worker nodes from CVE-2024-9042. Learn how to upgrade Kubelet to the patched versions and protect your systems https://t.co/eNZAMqPMjV

    @the_yellow_fall

    16 Jan 2025

    568 Impressions

    5 Retweets

    15 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. CVE-2025-14269
  2. Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm to an internal URL (e.g., http://127.0.0.1:3000/), causing Model Runner running on the host to make arbitrary GET requests to internal services and reflect the full response body back to the caller. Additionally, the token exchange mechanism can relay data from internal services back to the attacker-controlled registry via the Authorization: Bearer header. This issue has been patched in version 1.1.25. For Docker Desktop users, enabling Enhanced Container Isolation (ECI) blocks container access to Model Runner, preventing exploitation. However, if the Docker Model Runner is exposed to localhost over TCP in specific configurations, the vulnerability is still exploitable.CVE-2026-33990
  3. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.CVE-2026-34040
  4. Aquasecurity Trivy Embedded Malicious Code VulnerabilityCVE-2026-33634
  5. A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.CVE-2026-3864

References

Sources include official advisories and independent security research.