A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 30 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat enterprise Linux
|
|
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat enterprise Linux
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-06-12T08:51:43.565Z
Updated: 2024-09-18T20:21:35.387Z
Reserved: 2024-05-20T20:46:53.974Z
Link: CVE-2024-5154
Vulnrichment
Updated: 2024-08-01T21:03:11.031Z
NVD
Status : Awaiting Analysis
Published: 2024-06-12T09:15:19.973
Modified: 2024-07-17T05:15:10.880
Link: CVE-2024-5154
Redhat