Skip to content

Commit

Permalink
1 changes (1 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 1 new CVEs:  CVE-2024-45497
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Dec 31, 2024
1 parent a2b9876 commit e42c28f
Show file tree
Hide file tree
Showing 3 changed files with 163 additions and 5 deletions.
144 changes: 144 additions & 0 deletions cves/2024/45xxx/CVE-2024-45497.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,144 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-45497",
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"state": "PUBLISHED",
"assignerShortName": "redhat",
"dateReserved": "2024-08-30T10:12:13.684Z",
"datePublished": "2024-12-31T02:19:22.553Z",
"dateUpdated": "2024-12-31T02:19:22.553Z"
},
"containers": {
"cna": {
"title": "Openshift-api: build process in openshift allows overwriting of node pull credentials",
"metrics": [
{
"other": {
"content": {
"value": "Moderate",
"namespace": "https://access.redhat.com/security/updates/classification/"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties."
}
],
"affected": [
{
"vendor": "Red Hat",
"product": "Red Hat Fuse 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "org.arquillian.cube/arquillian-cube-openshift-api",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-cluster-openshift-apiserver-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-openshift-apiserver-rhel7",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-45497",
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308673",
"name": "RHBZ#2308673",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
]
}
],
"datePublic": "2024-12-15T00:00:00+00:00",
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-29T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-12-15T00:00:00+00:00",
"value": "Made public."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Thibault Guittet (Red Hat)."
}
],
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2024-12-31T02:19:22.553Z"
}
}
}
}
10 changes: 5 additions & 5 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{
"fetchTime": "2024-12-31T02:06:46.757Z",
"fetchTime": "2024-12-31T02:32:35.038Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-13040",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
"dateUpdated": "2024-12-31T01:35:20.576Z"
"cveId": "CVE-2024-45497",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45497",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45497.json",
"dateUpdated": "2024-12-31T02:19:22.553Z"
}
],
"updated": [],
Expand Down
14 changes: 14 additions & 0 deletions cves/deltaLog.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,18 @@
[
{
"fetchTime": "2024-12-31T02:32:35.038Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-45497",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45497",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45497.json",
"dateUpdated": "2024-12-31T02:19:22.553Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-12-31T02:06:46.757Z",
"numberOfChanges": 1,
Expand Down

0 comments on commit e42c28f

Please sign in to comment.