{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3154", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-01T19:43:56.801Z", "datePublished": "2024-04-26T03:12:38.036Z", "dateUpdated": "2024-09-16T19:15:59.066Z"}, "containers": {"cna": {"title": "Cri-o: arbitrary command injection via pod annotation", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.25.5-16.2.rhaos4.12.gitcb09013.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.28.6-2.rhaos4.15.git77bbb1c.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:3.11"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2669", "name": "RHSA-2024:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2672", "name": "RHSA-2024:2672", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2784", "name": "RHSA-2024:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3496", "name": "RHSA-2024:3496", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3154", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532", "name": "RHBZ#2272532", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"}, {"url": "https://github.com/opencontainers/runc/pull/4217"}, {"url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"}], "datePublic": "2024-04-22T16:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "timeline": [{"lang": "en", "time": "2024-04-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-22T16:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Akihiro Suda and C\u00e9dric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T19:15:59.066Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-26T17:14:54.871751Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:31:24.003Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.032Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2669", "name": "RHSA-2024:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2672", "name": "RHSA-2024:2672", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2784", "name": "RHSA-2024:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3496", "name": "RHSA-2024:3496", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3154", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532", "name": "RHBZ#2272532", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runc/pull/4217", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2669", "name": "RHSA-2024:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2672", "name": "RHSA-2024:2672", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2784", "name": "RHSA-2024:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3496", "name": "RHSA-2024:3496", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3154", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532", "name": "RHBZ#2272532", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runc/pull/4217", "tags": ["x_transferred"]}, {"url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.032Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-26T17:14:54.871751Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-26T17:15:08.210Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Cri-o: arbitrary command injection via pod annotation", "credits": [{"lang": "en", "value": "Red Hat would like to thank Akihiro Suda and C\u00e9dric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.12", "versions": [{"status": "unaffected", "version": "0:1.25.5-16.2.rhaos4.12.gitcb09013.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "versions": [{"status": "unaffected", "version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "0:1.28.6-2.rhaos4.15.git77bbb1c.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:3.11"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-22T16:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-22T16:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2669", "name": "RHSA-2024:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2672", "name": "RHSA-2024:2672", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2784", "name": "RHSA-2024:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3496", "name": "RHSA-2024:3496", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3154", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532", "name": "RHBZ#2272532", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"}, {"url": "https://github.com/opencontainers/runc/pull/4217"}, {"url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"}], "descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T19:15:59.066Z"}, "x_redhatCweChain": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}}, "cveMetadata": {"cveId": "CVE-2024-3154", "state": "PUBLISHED", "dateUpdated": "2024-09-16T19:15:59.066Z", "dateReserved": "2024-04-01T19:43:56.801Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-26T03:12:38.036Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotaci\u00f3n Pod. Cualquier usuario que pueda crear un pod con una anotaci\u00f3n arbitraria puede realizar una acci\u00f3n arbitraria en el sistema host."}], "id": "CVE-2024-3154", "lastModified": "2024-11-21T09:29:01.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-26T04:15:09.217", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2669"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2672"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2784"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3496"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3154"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"}, {"source": "secalert@redhat.com", "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"}, {"source": "secalert@redhat.com", "url": "https://github.com/opencontainers/runc/pull/4217"}, {"source": "secalert@redhat.com", "url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-3154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/opencontainers/runc/pull/4217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Akihiro Suda and C\u00e9dric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:2784", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "cri-o-0:1.25.5-16.2.rhaos4.12.gitcb09013.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-16T00:00:00Z"}, {"advisory": "RHSA-2024:3496", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:2672", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "cri-o-0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2669", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "cri-o-0:1.28.6-2.rhaos4.15.git77bbb1c.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-09T00:00:00Z"}], "bugzilla": {"description": "cri-o: Arbitrary command injection via pod annotation", "id": "2272532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.", "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."], "name": "CVE-2024-3154", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-04-22T16:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3154\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3154\nhttps://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j\nhttps://github.com/opencontainers/runc/pull/4217\nhttps://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"], "threat_severity": "Important"}