Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-uge5-g4vw-n7de
Summary
Kubernetes GitRepo Volume Inadvertent Local Repository Access
A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Aliases
0
alias CVE-2025-1767
1
alias GHSA-3wgm-2gw2-vh5m
Fixed_packages
0
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1767.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1767.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1767
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28595
published_at 2026-04-07T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28701
published_at 2026-04-09T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.2874
published_at 2026-04-02T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28661
published_at 2026-04-08T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28788
published_at 2026-04-04T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28606
published_at 2026-04-18T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.2863
published_at 2026-04-16T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28611
published_at 2026-04-13T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28659
published_at 2026-04-12T12:55:00Z
9
value 0.00106
scoring_system epss
scoring_elements 0.28703
published_at 2026-04-11T12:55:00Z
10
value 0.0025
scoring_system epss
scoring_elements 0.48222
published_at 2026-04-21T12:55:00Z
11
value 0.0025
scoring_system epss
scoring_elements 0.48203
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1767
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1767
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
5
reference_url https://github.com/kubernetes/kubernetes/pull/130786
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-13T19:21:24Z/
url https://github.com/kubernetes/kubernetes/pull/130786
6
reference_url https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-13T19:21:24Z/
url https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1767
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1767
8
reference_url http://www.openwall.com/lists/oss-security/2025/03/13/9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/13/9
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2351269
reference_id 2351269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2351269
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 280
name Improper Handling of Insufficient Permissions or Privileges
description The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uge5-g4vw-n7de