Lucene search

K
redosRedosROS-20240522-01
HistoryMay 22, 2024 - 12:00 a.m.

ROS-20240522-01

2024-05-2200:00:00
redos.red-soft.ru
3
cri-o
container mechanism
vulnerability
remote attackers
arbitrary actions
pod annotation
exploitation
host system
unix

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.0%

A vulnerability in the CRI-O container mechanism is related to the injection of an arbitrary property via the Pod annotation.
systemd. Exploitation of the vulnerability could allow an attacker acting remotely to perform an
an arbitrary action on the host system

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64cri-o<= 1.24.1-5UNKNOWN

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.0%