CVE-2021-3344Insufficiently Protected Credentials in Redhat Openshift Builder

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat Openshift BuilderRedhat Openshift Container PlatformOpenshift Builder
Timeline
PublishedMar 16

Description

A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availa

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDredhat/openshift_builder< 2021-01-26
CVEListV5openshift/builderbefore github.com/openshift/builder v0.0.0-20210125201112-7901cb396121

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

1
CVEList
CVE-2021-3344: A privilege escalation flaw was found in OpenShift builder2021-03-16

📋Vendor Advisories

1
Red Hat
openshift/builder: privilege escalation during container image builds via mounted secrets2021-02-08
CVE-2021-3344 — Insufficiently Protected Credentials | cvebase