A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-26T03:12:38.036Z
Updated: 2024-09-16T19:15:59.066Z
Reserved: 2024-04-01T19:43:56.801Z
Link: CVE-2024-3154
Vulnrichment
Updated: 2024-08-01T20:05:07.032Z
NVD
Status : Awaiting Analysis
Published: 2024-04-26T04:15:09.217
Modified: 2024-11-21T09:29:01.100
Link: CVE-2024-3154
Redhat