Skip to content

OpenShift Controller Manager Improper Privilege Management

Critical severity GitHub Reviewed Published Sep 17, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024

Package

gomod github.com/openshift/openshift-controller-manager (Go)

Affected versions

< 0.0.0-alpha.0.0.20240911

Patched versions

0.0.0-alpha.0.0.20240911

Description

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

References

Published by the National Vulnerability Database Sep 17, 2024
Published to the GitHub Advisory Database Sep 17, 2024
Reviewed Sep 17, 2024
Last updated Sep 19, 2024

Severity

Critical

EPSS score

0.044%
(11th percentile)

Weaknesses

CVE ID

CVE-2024-45496

GHSA ID

GHSA-j8gh-87rx-c7w9
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.