A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
History

Tue, 28 Jan 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 28 Jan 2025 09:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting |
| First Time appeared | | Redhat; Redhat openshift |
| CPEs | | cpe:/a:redhat:openshift:4 |
| Vendors & Products | | Redhat; Redhat openshift |
| References | | |

Tue, 28 Jan 2025 03:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. |
| Title | | cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}; threat_severity: Moderate |


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-28T09:29:30.831Z

Updated: 2025-01-28T14:36:30.599Z

Reserved: 2025-01-27T13:53:22.286Z

Link: CVE-2025-0750

Vulnrichment

Updated: 2025-01-28T14:36:26.644Z

NVD

Status: Received

Published: 2025-01-28T10:15:09.317

Modified: 2025-01-28T10:15:09.317

Link: CVE-2025-0750

Redhat

Severity: Moderate

Public Date: 2025-01-22T00:00:00Z

Links: CVE-2025-0750 - Bugzilla