BDU:2024-04923

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References:

CVE-2024-5154

Published: 2024-06-12
Modified: 2024-12-11

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

References:

RHSA-2024:10818
RHSA-2024:3676
RHSA-2024:3676
RHSA-2024:3700
RHSA-2024:3700
RHSA-2024:4008
RHSA-2024:4008
RHSA-2024:4486
RHSA-2024:4486
https://access.redhat.com/security/cve/CVE-2024-5154
https://access.redhat.com/security/cve/CVE-2024-5154
RHBZ#2280190
RHBZ#2280190
https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8

Version: 2.1.0

Package cri-o1.28 update in sisyphus_riscv64 on 2024-07-11

ALT-PU-2024-9875-1

Closed vulnerabilities

BDU:2024-04923

CVE-2024-5154