A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.17::el9 | |
References |
|
Wed, 25 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-668 |
Tue, 24 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Kubernetes
Kubernetes cri-o Redhat openshift Container Platform |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:kubernetes:cri-o:1.28.6:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:cri-o:1.29.4:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:cri-o:1.30.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Kubernetes
Kubernetes cri-o Redhat openshift Container Platform |
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 30 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat enterprise Linux
|
|
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat enterprise Linux
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-06-12T08:51:43.565Z
Updated: 2024-12-11T03:44:42.486Z
Reserved: 2024-05-20T20:46:53.974Z
Link: CVE-2024-5154
Vulnrichment
Updated: 2024-08-01T21:03:11.031Z
NVD
Status : Modified
Published: 2024-06-12T09:15:19.973
Modified: 2024-12-11T04:15:04.990
Link: CVE-2024-5154
Redhat