A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
Metrics
Affected Vendors & Products
References
History
Tue, 28 Jan 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 28 Jan 2025 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting |
First Time appeared |
Redhat
Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4 | |
Vendors & Products |
Redhat
Redhat openshift |
|
References |
|
Tue, 28 Jan 2025 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. | |
Title | cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2025-01-28T09:29:30.831Z
Updated: 2025-01-28T14:36:30.599Z
Reserved: 2025-01-27T13:53:22.286Z
Link: CVE-2025-0750
Vulnrichment
Updated: 2025-01-28T14:36:26.644Z
NVD
Status : Received
Published: 2025-01-28T10:15:09.317
Modified: 2025-01-28T10:15:09.317
Link: CVE-2025-0750
Redhat