8.1
CVE-2024-5154
- EPSS 1.24%
- Veröffentlicht 12.06.2024 09:15:19
- Zuletzt bearbeitet 23.06.2025 14:15:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cri-o: malicious container can create symlink on host
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kubernetes ≫ Cri-o Version1.28.6
Kubernetes ≫ Cri-o Version1.29.4
Kubernetes ≫ Cri-o Version1.30.0
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Openshift Container Platform Version4.12
Redhat ≫ Openshift Container Platform Version4.13
Redhat ≫ Openshift Container Platform Version4.14
Redhat ≫ Openshift Container Platform Version4.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.652 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.1 | 1.7 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:10818
https://access.redhat.com/errata/RHSA-2024:3676
https://access.redhat.com/errata/RHSA-2024:3700
https://access.redhat.com/errata/RHSA-2024:4008
https://access.redhat.com/errata/RHSA-2024:4486
https://access.redhat.com/security/cve/CVE-2024-5154
https://bugzilla.redhat.com/show_bug.cgi?id=2280190
https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8