8.1
CVE-2024-5154
- EPSS 1.26%
- Published 12.06.2024 09:15:19
- Last modified 23.06.2025 14:15:26
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Data is provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Cri-o Version1.28.6
Kubernetes ≫ Cri-o Version1.29.4
Kubernetes ≫ Cri-o Version1.30.0
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Openshift Container Platform Version4.12
Redhat ≫ Openshift Container Platform Version4.13
Redhat ≫ Openshift Container Platform Version4.14
Redhat ≫ Openshift Container Platform Version4.15
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.26% | 0.787 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 8.1 | 1.7 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.