Openshift Builder Vulnerability: Command Injection via Path Traversal

CVE-2024-7387

9.1CRITICAL

Key Information

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 4.12; Red Hat Openshift Container Platform 4.13; Red Hat Openshift Container Platform 4.14; Red Hat Openshift Container Platform 4.15
Vendor: CVE Published:; 17 September 2024

Summary

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the spec.source.secrets.secret.destinationDir attribute of the BuildConfig definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Affected Version(s)

Red Hat OpenShift Container Platform 4.12 <= v4.12.0-202409121032.p1.g609473f.assembly.stream.el8

Red Hat OpenShift Container Platform 4.13 <= v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8

Red Hat OpenShift Container Platform 4.14 <= v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8

References

https://access.redhat.com/errata/RHSA-2024:6685

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:6687

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:6689

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 17, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Armin Stock for reporting this issue.