vulnerability

Red Hat OpenShift: CVE-2024-3154: cri-o: Arbitrary command injection via pod annotation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	04/26/2024	05/13/2024	02/18/2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

04/26/2024

Added

05/13/2024

Modified

02/18/2025

Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

Solution

linuxrpm-upgrade-cri-o

References

CVE-2024-3154
https://attackerkb.com/topics/CVE-2024-3154
REDHAT-RHSA-2024:2669
REDHAT-RHSA-2024:2672
REDHAT-RHSA-2024:2784
REDHAT-RHSA-2024:3496

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today