GHSA-qqv8-ph7f-h3f7
GitHub Security Advisory
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
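A containment check of the kind that stops a `destinationDir` value from resolving outside the directory it is meant to populate, as an added example (not code from openshift/builder and not the project's actual fix). The helper name `ResolveDestinationDir`, the error value and the `/tmp/build/inputs` directory are hypothetical, and it assumes the destination is intended to stay under a single build working directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBuildDir marks a destinationDir that resolves outside the build directory.
var ErrEscapesBuildDir = errors.New("destinationDir escapes build directory")

// ResolveDestinationDir (hypothetical helper, not openshift/builder code) joins a
// user-supplied destinationDir onto buildDir and returns the cleaned path only
// when it stays inside buildDir. The check is lexical: callers that allow
// symlinks inside buildDir should also compare filepath.EvalSymlinks results.
func ResolveDestinationDir(buildDir, destinationDir string) (string, error) {
	if filepath.IsAbs(destinationDir) {
		return "", fmt.Errorf("%w: absolute path %q", ErrEscapesBuildDir, destinationDir)
	}
	base := filepath.Clean(buildDir)
	target := filepath.Join(base, destinationDir) // Join collapses "." and ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrEscapesBuildDir, destinationDir, target)
	}
	return target, nil
}

func main() {
	// Constructed sample values; the build directory path is an assumption.
	buildDir := "/tmp/build/inputs"
	for _, d := range []string{"secrets/app", "a/../b", "../../usr/bin", "/usr/bin", "a/../../b"} {
		p, err := ResolveDestinationDir(buildDir, d)
		if err != nil {
			fmt.Printf("reject %-16q %v\n", d, err)
			continue
		}
		fmt.Printf("accept %-16q -> %s\n", d, p)
	}
}
```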
Affected Packages
Go
github.com/openshift/builder
Affected versions: 0 (last affected: 4.0.0)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: August 11, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.