A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.
History
Thu, 19 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.12::el8 | |
References | | |
Thu, 19 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 | |
References | | |
Thu, 19 Sep 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.16::el9 | |
References | | |
Thu, 19 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.13::el8 | |
References | | |
Tue, 17 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 17 Sep 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | openshift-controller-manager: Elevated Build Pods Can Lead to Node Compromise in OpenShift | Openshift-controller-manager: elevated build pods can lead to node compromise in openshift |
First Time appeared | Redhat, Redhat openshift | |
CPEs | cpe:/a:redhat:openshift:4 | |
Vendors & Products | Redhat, Redhat openshift | |
References | | |
Mon, 16 Sep 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | |
Title | openshift-controller-manager: Elevated Build Pods Can Lead to Node Compromise in OpenShift | |
Weaknesses | CWE-269 | |
References | | |
Metrics | threat_severity, cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-16T23:58:59.399Z
Updated: 2024-12-18T15:17:34.541Z
Reserved: 2024-08-30T10:12:13.684Z
Link: CVE-2024-45496
Vulnrichment
Updated: 2024-09-17T15:05:11.698Z
NVD
Status: Awaiting Analysis
Published: 2024-09-17T00:15:52.433
Modified: 2024-09-20T12:31:20.110
Link: CVE-2024-45496
Redhat