CVE-2024-5154
Published 2024-06-12
Severity: High, 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cri-o_cri-o | >= 1.28.6 < 1.28.7 | 1.28.7 |
| github.com | cri-o_cri-o | >= 1.29.4 < 1.29.5 | 1.29.5 |
| github.com | cri-o_cri-o | >= 1.30.0 < 1.30.1 | 1.30.1 |
| kubernetes | cri-o | — | — |
| kubernetes | cri-o | — | — |
| kubernetes | cri-o | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |