cbcvebase.
CVE-2024-3154
published 2024-04-26

Priority: P3 | 44 | high | 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.42% (69.5th percentile)

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cri-o_cri-o | >= 0 < 1.27.6 | 1.27.6 |
| github.com | cri-o_cri-o | >= 1.28.0 < 1.28.6 | 1.28.6 |
| github.com | cri-o_cri-o | >= 1.29.0 < 1.29.4 | 1.29.4 |
| msrc | cbl2_cri-o_1.22.3-14_on_cbl_mariner_2.0 | | |
| msrc | cbl2_cri-o_1.22.3-2_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |

CVSS provenance

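| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| vendor_msrc | | 7.2 | HIGH | |
| vendor_redhat | | 7.2 | HIGH | |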