CVE-2024-5154
HIGH EPSS 65.4%
Published Jun 12, 2024 (2y ago) · Modified Jun 17, 2026 (1w ago)
8.1 CVSS 3.1
Description
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
65.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| kubernetes | cri-o | 1.28.6 | any |
| kubernetes | cri-o | 1.29.4 | any |
| kubernetes | cri-o | 1.30.0 | any |
| redhat | openshift_container_platform | 3.11 | any |
| redhat | openshift_container_platform | 4.0 | any |
| redhat | openshift_container_platform | 4.12 | any |
| redhat | openshift_container_platform | 4.13 | any |
| redhat | openshift_container_platform | 4.14 | any |
| redhat | openshift_container_platform | 4.15 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
References 9
- https://access.redhat.com/errata/RHSA-2024:10818
- https://access.redhat.com/errata/RHSA-2024:3676
- https://access.redhat.com/errata/RHSA-2024:3700
- https://access.redhat.com/errata/RHSA-2024:4008
- https://access.redhat.com/errata/RHSA-2024:4159
- https://access.redhat.com/errata/RHSA-2024:4486
- https://access.redhat.com/security/cve/CVE-2024-5154
- https://bugzilla.redhat.com/show_bug.cgi?id=2280190
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.