THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-3154

Cri-o: arbitrary command injection via pod annotation

Reserved:2024-04-01
Published:2024-04-26
Updated:2024-05-27

Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.



HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
affected

0:1.25.5-16.2.rhaos4.12.gitcb09013.el8 before *
unaffected

Default status
affected

0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9 before *
unaffected

Default status
affected

0:1.28.6-2.rhaos4.15.git77bbb1c.el8 before *
unaffected

Default status
unaffected

Timeline

2024-04-01:Reported to Red Hat.
2024-04-22:Made public.

Credits

Red Hat would like to thank Akihiro Suda and Cédric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter.

References

https://access.redhat.com/errata/RHSA-2024:2669 (RHSA-2024:2669) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2672 (RHSA-2024:2672) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2784 (RHSA-2024:2784) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-3154 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2272532 (RHBZ#2272532) issue-tracking

https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j

https://github.com/opencontainers/runc/pull/4217

https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson

cve.org CVE-2024-3154

nvd.nist.gov CVE-2024-3154

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3154