#VU97615 Permissions, Privileges, and Access Controls in Red Hat OpenShift Container Platform
Vulnerability identifier: #VU97615
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Red Hat OpenShift Container Platform
Client/Desktop applications /
Software for system administration
Vendor: Red Hat Inc.
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions during the build initialization step. A remote user can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.36
External links
http://access.redhat.com/security/cve/CVE-2024-45496
http://bugzilla.redhat.com/show_bug.cgi?id=2308661
http://access.redhat.com/errata/RHSA-2024:6691
http://access.redhat.com/errata/RHSA-2024:6687
http://access.redhat.com/errata/RHSA-2024:6689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
