CVE-2024-8676: Improper Authorization in Cri-o Cri-o

Severity: 7.4 HIGH (NVD)
EPSS: 0.2% (top 57.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 26
Latest update: Dec 4

Description

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it performs that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, which verify that the pod has access to the mounts it specifies, do not apply to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (1 package)

Go | github.com/cri-o_cri-o | 1.30.0 | 1.30.8 | +2

🔴 Vulnerability Details (4)

OSV | CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o | 2024-12-04
GHSA | CRI-O: Maliciously structured checkpoint file can gain arbitrary node access | 2024-11-26
CVEList | Cri-o: checkpoint restore can be triggered from different namespaces | 2024-11-26
OSV | CRI-O: Maliciously structured checkpoint file can gain arbitrary node access | 2024-11-26

📋 Vendor Advisories (1)

Red Hat | cri-o: Checkpoint restore can be triggered from different namespaces | 2024-11-26