Openshift Builder Vulnerability: Command Injection via Path Traversal

CVE-2024-7387

9.1CRITICAL

Key Information

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 4.12; Red Hat Openshift Container Platform 4.13; Red Hat Openshift Container Platform 4.14; Red Hat Openshift Container Platform 4.15
Vendor: CVE Published:; 17 September 2024

Summary

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Affected Version(s)

Red Hat OpenShift Container Platform 4.12 <= v4.12.0-202409121032.p1.g609473f.assembly.stream.el8

Red Hat OpenShift Container Platform 4.13 <= v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8

Red Hat OpenShift Container Platform 4.14 <= v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 9.1 - (CRITICAL)
Sep 19, 2024
Vulnerability published.
Sep 17, 2024
Reported to Red Hat.
Aug 1, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Armin Stock for reporting this issue.