Lucene search
Veracode Vulnerability DatabaseVERACODE:47395HistoryJun 06, 2024 - 8:43 a.m.
Path Traversal
2024-06-0608:43:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
path traversal
github.com/cri-o/cri-o
vulnerability
/etc directory
container escape
software
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
16.6%
github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to the path of the /etc directory being relative to the base of the container, which could lead to a container escape.
Related
cve
cve
CVE-2024-5154
2024-06-12 09:15:19
redhat
redhat
osv
osv
malicious container creates symlink "mtab" on the host External
2024-06-04 18:12:31
nvd
nvd
CVE-2024-5154
2024-06-12 09:15:19
nessus
nessus
RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)
2024-06-13 00:00:00
RHEL 8 : OpenShift Container Platform 4.12.60 (RHSA-2024:4008)
2024-06-27 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.13.45 (RHSA-2024:4486)
2024-07-17 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2024-5154
2024-06-06 19:03:12
github
github
malicious container creates symlink "mtab" on the host External
2024-06-04 18:12:31
redos
redos
ROS-20240626-16
2024-06-26 00:00:00
vulnrichment
vulnrichment
CVE-2024-5154 Cri-o: malicious container can create symlink on host
2024-06-12 08:51:43
cvelist
cvelist
CVE-2024-5154 Cri-o: malicious container can create symlink on host
2024-06-12 08:51:43
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
16.6%
Related for VERACODE:47395