CVE-2024-5154

2024-06-1209:15:19

CWE-668

[email protected]

web.nvd.nist.gov

flaw

cri-o

symbolic link

file access

container

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“…/“). This flaw allows the container to read and write to arbitrary files on the host system.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cri-o",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.27.7-3.rhaos4.14.git674563e.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cri-o",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.28.7-2.rhaos4.15.git111aec5.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el9",
      "cpe:/a:redhat:openshift:4.15::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 3.11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cri-o",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openshift:3.11"
    ]
  }
]