CVE-2024-45497

Openshift-api: build process in openshift allows overwriting of node pull credentials

Severity Score

7.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.

Se encontró una falla en el proceso de compilación de OpenShift, donde el contenedor docker-build está configurado con un montaje de volumen hostPath que asigna el archivo /var/lib/kubelet/config.json del nodo al pod de compilación. Este archivo contiene credenciales confidenciales necesarias para extraer imágenes de repositorios privados. El montaje no es de solo lectura, lo que permite al atacante sobrescribirlo. Al modificar el archivo config.json, el atacante puede provocar una denegación de servicio al evitar que el nodo extraiga nuevas imágenes y potencialmente exfiltre secretos confidenciales. Esta falla afecta la disponibilidad de los servicios que dependen de la extracción de imágenes y expone información confidencial a terceros no autorizados.

*Credits: This issue was discovered by Thibault Guittet (Red Hat).

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-30 CVE Reserved
2024-12-31 CVE Published
2025-02-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (2)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2024-45497	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2308673	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected