CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score confidence: High

EPSS percentile: 16.4%

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Vendor | Product | Version | CPE |
---|---|---|---|
redhat | openshift_builder | * | cpe:2.3:a:redhat:openshift_builder:*:*:*:*:*:*:*:* |
access.redhat.com/errata/RHSA-2024:6685
access.redhat.com/errata/RHSA-2024:6687
access.redhat.com/errata/RHSA-2024:6689
access.redhat.com/errata/RHSA-2024:6691
access.redhat.com/errata/RHSA-2024:6705
access.redhat.com/security/cve/CVE-2024-7387
bugzilla.redhat.com/show_bug.cgi?id=2302259
github.com/advisories/GHSA-qqv8-ph7f-h3f7
github.com/openshift/builder/commit/0b62633adfa2836465202bc851885e078ec888d1
nvd.nist.gov/vuln/detail/CVE-2024-7387
pkg.go.dev/vuln/GO-2024-3129