CVE-2024-5154

June 12, 2024, 9:15 a.m.

8.1
High

Description

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Product(s) Impacted

Product Versions
cri-o

Weaknesses

References

https://access.redhat.com/errata/RHSA-2024:3676
https://access.redhat.com/security/cve/CVE-2024-5154
https://bugzilla.redhat.com/show_bug.cgi?id=2280190
https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8

Tags

secalert@redhat.com
CWE-668
2024-06-12
CVE-2024-5154

CVSS Score

8.1 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Date

  • Published: June 12, 2024, 9:15 a.m.
  • Last Modified: June 12, 2024, 9:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.