Description

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

INFO

Published Date :

2024-09-16T23:58:59.399Z

Last Modified :

2026-02-25T19:22:58.226Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45496 vulnerability.

Vendors Products
Redhat
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45496.

URL Resource
https://access.redhat.com/errata/RHSA-2024:3718 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6685 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6687 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6689 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6691 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6705 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-45496 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2308661 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45496 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45496 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact