OpenShift Build Process Vulnerability Affecting Red Hat Products
CVE-2024-45497

7.6HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Fuse 7; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 31 December 2024

Summary

A significant vulnerability exists in the OpenShift build process, where the docker-build container is improperly configured with a hostPath volume mount that links the node's /var/lib/kubelet/config.json file to the build pod. This critical file contains sensitive credentials essential for accessing private repositories. The flawed configuration permits unprivileged write access, allowing attackers to overwrite this file. As a result, by modifying the config.json file, an attacker can cause a denial of service, disrupting the ability of the node to pull new container images. Additionally, this vulnerability poses significant risks by potentially allowing unauthorized access to sensitive credentials, which could lead to further compromises within the system.

References

https://access.redhat.com/security/cve/CVE-2024-45497

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2308673

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Aug 30, 2024

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Thibault Guittet (Red Hat).