CVE-2024-5154
Cri-o: malicious container can create symlink on host
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (β../β). This flaw allows the container to read and write to arbitrary files on the host system.
| CWE | CWE-22 |
| Published | Jun 12, 2024 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new high vulnerabilities are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 3.11
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:10818 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3676 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3700 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4008 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4159 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4486 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-5154 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2280190 github.com: https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
Credits
Red Hat would like to thank Erik SjΓΆlund ([email protected]) for reporting this issue.