2024-06-12 10:03:20 +00:00
{
"id" : "CVE-2024-5154" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2024-06-12T09:15:19.973" ,
2024-09-25 08:03:20 +00:00
"lastModified" : "2024-09-25T06:15:04.890" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-06-12 10:03:20 +00:00
"descriptions" : [
{
"lang" : "en" ,
2024-07-16 20:03:13 +00:00
"value" : "A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (\u201c../\u201c). This flaw allows the container to read and write to arbitrary files on the host system."
2024-06-13 20:03:12 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se encontr\u00f3 un defecto en cri-o. Un contenedor malicioso puede crear un enlace simb\u00f3lico que apunte a un directorio o archivo arbitrario en el host mediante el directory traversal (\u201c../\u201d). Esta falla permite que el contenedor lea y escriba en archivos arbitrarios en el sistema host."
2024-06-12 10:03:20 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 8.1 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.7 ,
"impactScore" : 5.8
}
]
} ,
"weaknesses" : [
{
2024-09-25 08:03:20 +00:00
"source" : "secalert@redhat.com" ,
2024-06-12 10:03:20 +00:00
"type" : "Primary" ,
2024-09-24 16:03:26 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
} ,
{
2024-09-25 08:03:20 +00:00
"source" : "nvd@nist.gov" ,
2024-09-24 16:03:26 +00:00
"type" : "Secondary" ,
2024-06-12 10:03:20 +00:00
"description" : [
{
"lang" : "en" ,
2024-09-25 08:03:20 +00:00
"value" : "CWE-22"
2024-06-12 10:03:20 +00:00
}
]
}
] ,
2024-09-24 16:03:26 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:kubernetes:cri-o:1.28.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B2B5E94-63E3-4389-9E60-42C1994261BB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:kubernetes:cri-o:1.29.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "14FB1E55-19A8-4938-8D0B-C5A4F6251023"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:kubernetes:cri-o:1.30.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AC775014-0A15-4E70-A968-AAD7181254E6"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F87326E-0B56-4356-A889-73D026DB1D4B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "932D137F-528B-4526-9A89-CD59FA1AB0FE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "40449571-22F8-44FA-B57B-B43F71AB25E2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "486B3F69-1551-4F8B-B25B-A5864248811B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4716808D-67EB-4E14-9910-B248A500FAFA"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
] ,
2024-06-12 10:03:20 +00:00
"references" : [
{
"url" : "https://access.redhat.com/errata/RHSA-2024:3676" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-06-12 10:03:20 +00:00
} ,
2024-06-18 12:03:12 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2024:3700" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-06-18 12:03:12 +00:00
} ,
2024-06-27 06:03:11 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2024:4008" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-06-27 06:03:11 +00:00
} ,
2024-07-17 06:03:16 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2024:4486" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-07-17 06:03:16 +00:00
} ,
2024-06-12 10:03:20 +00:00
{
"url" : "https://access.redhat.com/security/cve/CVE-2024-5154" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-06-12 10:03:20 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2280190" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking"
]
2024-06-12 10:03:20 +00:00
} ,
{
"url" : "https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8" ,
2024-09-24 16:03:26 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
2024-06-12 10:03:20 +00:00
}
]
}
