ALT-PU-2024-9875-1

Package update cri-o1.28 in branch sisyphus_riscv64

Version1.28.8-alt1

Task#0

Published2024-07-11

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.1

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Published: 2024-07-02

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CVSS 2.0HIGH 7.7

CVSS:2.0/AV:N/AC:L/Au:M/C:C/I:C/A:N

References

CVE-2024-5154

HIGH8.1

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Published: 2024-06-12Modified: 2025-06-23

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References