8.2
CVE-2024-9341
- EPSS 0.97%
- Published 01.10.2024 19:15:09
- Last modified 11.12.2024 04:15:06
- Source secalert@redhat.com
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Data provided by the National Vulnerability Database (NVD)
Containers ≫ Common, SwPlatform go
Redhat ≫ Openshift Container Platform, Version 4.12
Redhat ≫ Openshift Container Platform, Version 4.13
Redhat ≫ Openshift Container Platform, Version 4.14
Redhat ≫ Openshift Container Platform, Version 4.15
Redhat ≫ Openshift Container Platform, Version 4.16
Redhat ≫ Openshift Container Platform, Version 4.17
Redhat ≫ Enterprise Linux, Version 8.0, SwEdition -
Redhat ≫ Enterprise Linux, Version 9.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.759 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 2.8 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |
| secalert@redhat.com | 5.4 | 1.2 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.