๐Ÿ” CVE Alert

CVE-2024-45496

CRITICAL 9.9

Openshift-controller-manager: elevated build pods can lead to node compromise in openshift

CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

CWE CWE-269
Published Sep 16, 2024
Last Updated Feb 25, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new critical vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

Affected Versions

Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3718 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6685 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6687 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6689 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6691 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6705 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-45496 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2308661

Credits

This issue was discovered by Thibault Guittet (Red Hat).