fkie_cve-2024-7387
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-01-09 09:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:3718
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6685
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6687
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6689
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6691
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6705
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-7387
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2302259
secalert@redhat.comhttps://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the \u201cDocker\u201d strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en openshift/builder. Esta vulnerabilidad permite la inyecci\u00f3n de comandos a trav\u00e9s de un path traversal, donde un usuario malintencionado puede ejecutar comandos arbitrarios en el nodo OpenShift que ejecuta el contenedor de compilaci\u00f3n. Al utilizar la estrategia \u201cDocker\u201d, los archivos ejecutables dentro del contenedor de compilaci\u00f3n privilegiado se pueden anular utilizando el atributo `spec.source.secrets.secret.destinationDir` de la definici\u00f3n `BuildConfig`. Un atacante que ejecute c\u00f3digo en un contenedor privilegiado podr\u00eda aumentar sus permisos en el nodo que ejecuta el contenedor."
    }
  ],
  "id": "CVE-2024-7387",
  "lastModified": "2025-01-09T09:15:07.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-17T00:15:52.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:3718"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:6685"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:6687"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:6689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:6691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:6705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7387"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.