CVE-2024-45497

HIGH EPSS 41.5%

Published Dec 31, 20241y ago · Modified Jun 17, 20261w ago

7.6 CVSS 3.1

High

Published Dec 31, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.

CVSS Details

Base Score

7.6

Exploitability

2.8

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability High

Threat Intelligence

EPSS Exploit Probability

41.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-732

References 9

access.redhat.com https://access.redhat.com/errata/RHSA-2025:10270
access.redhat.com https://access.redhat.com/errata/RHSA-2025:10294
access.redhat.com https://access.redhat.com/errata/RHSA-2025:10747
access.redhat.com https://access.redhat.com/errata/RHSA-2025:9269
access.redhat.com https://access.redhat.com/errata/RHSA-2025:9562
access.redhat.com https://access.redhat.com/errata/RHSA-2025:9759
access.redhat.com https://access.redhat.com/errata/RHSA-2025:9765
access.redhat.com https://access.redhat.com/security/cve/CVE-2024-45497
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2308673

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.