πŸ” CVE Alert

CVE-2024-7387

CRITICAL 9.1

Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

CVSS Score
9.1
EPSS Score
0.8%
EPSS Percentile
73th

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the β€œDocker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

CWE CWE-250
Published Sep 16, 2024
Last Updated Mar 24, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new critical vulnerabilities are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected

References

NVD β†— CVE.org β†— EPSS Data β†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3718 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6685 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6687 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6689 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6691 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6705 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-7387 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2302259 github.com: https://github.com/openshift/builder/commit/0b62633adfa2836465202bc851885e078ec888d1 stuxxn.github.io: https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html

Credits

Red Hat would like to thank Armin Stock for reporting this issue.