Unauthenticated Remote Attackers Can Trigger Vulnerability in Decompression Function
CVE-2024-1485

8HIGH

Key Information:

Status
Openshift Developer Tools And Services
Red Hat Openshift Container Platform 4
Vendor
CVE Published:
14 February 2024

What is CVE-2024-1485?

A vulnerability has been identified in the decompression function of the registry-support component provided by Red Hat. This issue can be exploited by an unauthenticated remote attacker who successfully convinces a user to parse a devfile that utilizes the 'parent' or 'plugin' keywords. The exploitation of this flaw may result in the download of a malicious archive, which, during the cleanup process, could inadvertently lead to the overwriting or deletion of files that are outside the designated archive boundaries. This behavior poses a significant security risk, allowing unauthorized access to critical system files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2024-1485
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2264106
issue-trackingx_refsource_REDHAT
https://github.com/advisories/GHSA-84xv-jfrm-h4gm

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue.
JSON
.