A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.12::el8 | |
References |
|
Thu, 19 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
References |
|
Thu, 19 Sep 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.16::el9 |
|
References |
|
Thu, 19 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.13::el8 | |
References |
|
Tue, 17 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | openshift/builder: Path traversal allows command injection in privileged BuildContainer using docker build strategy | Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy |
First Time appeared |
Redhat
Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4 | |
Vendors & Products |
Redhat
Redhat openshift |
|
References |
|
Mon, 16 Sep 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. | |
Title | openshift/builder: Path traversal allows command injection in privileged BuildContainer using docker build strategy | |
Weaknesses | CWE-250 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-16T23:58:35.176Z
Updated: 2024-09-19T19:47:42.357Z
Reserved: 2024-08-01T15:14:15.077Z
Link: CVE-2024-7387
Vulnrichment
Updated: 2024-09-17T15:58:40.387Z
NVD
Status : Received
Published: 2024-09-17T00:15:52.757
Modified: 2024-09-19T20:15:07.277
Link: CVE-2024-7387
Redhat