ALT-PU-2024-10370-3

Package update cri-o1.28 in branch c10f1

Version1.28.8-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

HIGH8.1

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Published: 2024-07-02

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CVSS 2.0HIGH 7.7

CVSS:2.0/AV:N/AC:L/Au:M/C:C/I:C/A:N

References

CVE-2024-5154

HIGH8.1

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Published: 2024-06-12Modified: 2025-06-23

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References

GHSA-j9hf-98c3-wrm8

HIGH8.1

malicious container creates symlink "mtab" on the host External

Published: 2024-06-04Modified: 2025-06-28

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References