Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

INFO

Published Date :

2024-04-26T03:12:38.036Z

Last Modified :

2025-11-20T07:17:45.415Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3154 vulnerability.

Vendors Products
Redhat
  • Openshift

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact