CVE Alert

CVE-2024-45497

HIGH 7.6

Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

CVSS Score: 7.6
EPSS Score: 0.0%
EPSS Percentile: 0th

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.
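The weakness described above is a configuration pattern rather than a code bug: a hostPath volume that exposes the node's /var/lib/kubelet/config.json inside a build container without readOnly: true. The following check, added here as an example and not taken from the advisory, from Red Hat or from OpenShift, scans a parsed Pod manifest for that pattern. It goes slightly beyond the advisory's specific case by also flagging a hostPath mount of any ancestor directory (which exposes the same file) and by resolving subPath mounts. The sample manifests, container names and image reference are constructed for the example.

```python
"""Detect writable hostPath mounts that expose the node's kubelet pull credentials.

Added example, not code from the advisory, from Red Hat or from OpenShift. It checks
a Kubernetes Pod manifest (already parsed to a dict, e.g. from yaml.safe_load) for the
pattern behind CVE-2024-45497: a hostPath volume that exposes
/var/lib/kubelet/config.json inside a container without readOnly: true.
"""
import copy
import posixpath
from typing import Any, Dict, List

# The node file named in the advisory. Mounting any ancestor directory exposes it too.
KUBELET_PULL_CREDENTIALS = "/var/lib/kubelet/config.json"


def _exposes(mount_host_path: str, sensitive_file: str = KUBELET_PULL_CREDENTIALS) -> bool:
    """True if mounting host path `mount_host_path` makes `sensitive_file` visible."""
    mp = posixpath.normpath(mount_host_path)
    sf = posixpath.normpath(sensitive_file)
    return sf == mp or sf.startswith(mp.rstrip("/") + "/")


def find_writable_credential_mounts(pod: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per container mount that exposes the credentials file writably."""
    spec = pod.get("spec") or {}
    host_paths = {
        v["name"]: v["hostPath"]["path"]
        for v in spec.get("volumes") or []
        if isinstance(v.get("hostPath"), dict) and "path" in v["hostPath"]
    }
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    findings: List[Dict[str, str]] = []
    for c in containers:
        for m in c.get("volumeMounts") or []:
            host_path = host_paths.get(m.get("name"))
            if host_path is None:
                continue  # not backed by a hostPath volume
            # A subPath narrows the mount to a sub-tree of the host path.
            effective = posixpath.join(host_path, m["subPath"]) if m.get("subPath") else host_path
            if not _exposes(effective):
                continue
            if m.get("readOnly") is True:
                continue  # read-only mount: the node file cannot be overwritten from the pod
            findings.append({
                "container": c.get("name", "<unnamed>"),
                "volume": m["name"],
                "hostPath": effective,
                "mountPath": m.get("mountPath", ""),
            })
    return findings


def harden_hostpath_mounts(pod: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of the manifest with every hostPath-backed mount set to readOnly: true."""
    fixed = copy.deepcopy(pod)
    spec = fixed.setdefault("spec", {})
    hp_names = {v["name"] for v in spec.get("volumes") or [] if "hostPath" in v}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        for m in c.get("volumeMounts") or []:
            if m.get("name") in hp_names:
                m["readOnly"] = True
    return fixed


# Constructed sample manifest (not from the advisory) showing the vulnerable shape.
VULNERABLE_BUILD_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "example-build"},
    "spec": {
        "volumes": [
            {"name": "node-pullsecrets",
             "hostPath": {"path": "/var/lib/kubelet/config.json", "type": "File"}},
            {"name": "workdir", "emptyDir": {}},
        ],
        "containers": [{
            "name": "docker-build",
            "image": "example.invalid/builder:placeholder",  # placeholder image reference
            "volumeMounts": [
                # No readOnly flag: the node file is writable from inside the container.
                {"name": "node-pullsecrets", "mountPath": "/var/lib/kubelet/config.json"},
                {"name": "workdir", "mountPath": "/tmp/build"},
            ],
        }],
    },
}


if __name__ == "__main__":
    for f in find_writable_credential_mounts(VULNERABLE_BUILD_POD):
        print("writable credential mount:", f)
    print("after hardening:", find_writable_credential_mounts(harden_hostpath_mounts(VULNERABLE_BUILD_POD)))
```

Run it against manifests exported with `kubectl get pods -o yaml` (or an admission-controller webhook's request body) to find build pods that still carry the writable mount; the fix the check expects is the one the advisory implies, the mount being read-only.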

CWE: CWE-732
Published: Dec 31, 2024
Last Updated: Feb 3, 2026

CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High

Affected Versions

Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.18
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.2
All versions affected
Red Hat / Red Hat Fuse 7
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected

References

NVD, CVE.org, EPSS Data

access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10270
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10294
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10747
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9269
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9562
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9759
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9765
access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-45497
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2308673

Credits

This issue was discovered by Thibault Guittet (Red Hat).