Vulnerability identifier: #VU97615
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Red Hat OpenShift Container Platform
Client/Desktop applications /
Software for system administration
Vendor: Red Hat Inc.
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions during the build initialization step. A remote user can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.36
External links
http://access.redhat.com/security/cve/CVE-2024-45496
http://bugzilla.redhat.com/show_bug.cgi?id=2308661
http://access.redhat.com/errata/RHSA-2024:6691
http://access.redhat.com/errata/RHSA-2024:6687
http://access.redhat.com/errata/RHSA-2024:6689
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.