CVE-2024-3154

Cri-o: arbitrary command injection via pod annotation

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

Se encontró una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotación Pod. Cualquier usuario que pueda crear un pod con una anotación arbitraria puede realizar una acción arbitraria en el sistema host.

Red Hat OpenShift Container Platform release 4.13.43 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

*Credits: Red Hat would like to thank Akihiro Suda and Cédric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-01 CVE Reserved
2024-04-26 CVE Published
2024-09-16 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (9)

URL	Tag	Source
https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j
https://github.com/opencontainers/runc/pull/4217
https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:2669	2024-06-05
https://access.redhat.com/errata/RHSA-2024:2672	2024-06-05
https://access.redhat.com/errata/RHSA-2024:2784	2024-06-05
https://access.redhat.com/errata/RHSA-2024:3496	2024-06-05
https://access.redhat.com/security/cve/CVE-2024-3154	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2272532	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Huawei Search vendor "Huawei"		Euleros Search vendor "Huawei" for product "Euleros"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected