Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-7387

Опубликовано: 16 сент. 2024
Источник: redhat
CVSS3: 9.1

Описание

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the spec.source.secrets.secret.destinationDir attribute of the BuildConfig definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Отчет

In all versions of OpenShift, the "Custom" build strategy gives developers permission to run arbitrary commands in a privileged container. This is disabled by default, and documentation explicitly warns that this should only be enabled for highly trusted users (eg: cluster admins). We therefore do not consider this vulnerability a privilege escalation path for "Custom" strategy builds. Microshift is not affected by this vulnerability. MicroShift does not include this OpenShift API. The Builds for Red Hat OpenShift Operator based on Shipwright is not affected by this vulnerability.

Меры по смягчению последствий

Cluster admins can follow the instructions in "Securing Builds by Strategy" to block use of the "Docker" build strategy on a cluster, or restrict the use to a set of highly trusted users, until the cluster is able to be upgraded. https://docs.openshift.com/container-platform/4.16/cicd/builds/securing-builds-by-strategy.html

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=2302259openshift/builder: Path traversal allows command injection in privileged BuildContainer using docker build strategy

9.1 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-7387

CVSS3: 9.1
nvd
больше 1 года назад

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

github логотип

GHSA-qqv8-ph7f-h3f7

CVSS3: 9.1
github
больше 1 года назад

OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer

fstec логотип

BDU:2024-07713

CVSS3: 9.1
fstec
больше 1 года назад

Уязвимость компонента openshift4/ose-docker-builder корпоративной платформы Red Hat OpenShift Container Platform, позволяющая нарушителю повысить свои привилегии на узле, на котором выполняется контейнер

9.1 Critical

CVSS3