Unauthenticated Remote Attackers Can Trigger Vulnerability in Decompression Function
CVE-2024-1485

9.3CRITICAL

Key Information:

Vendor: Red Hat
Status: Openshift Developer Tools And Services; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 14 February 2024

Summary

A vulnerability has been identified in the decompression function of the registry-support component provided by Red Hat. This issue can be exploited by an unauthenticated remote attacker who successfully convinces a user to parse a devfile that utilizes the 'parent' or 'plugin' keywords. The exploitation of this flaw may result in the download of a malicious archive, which, during the cleanup process, could inadvertently lead to the overwriting or deletion of files that are outside the designated archive boundaries. This behavior poses a significant security risk, allowing unauthorized access to critical system files.

References

https://access.redhat.com/security/cve/CVE-2024-1485

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2264106

issue-trackingx_refsource_REDHAT

https://github.com/advisories/GHSA-84xv-jfrm-h4gm

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue.