{"id":2130,"date":"2025-04-29T06:34:45","date_gmt":"2025-04-29T06:34:45","guid":{"rendered":"http:\/\/localhost\/?p=2130"},"modified":"2025-04-29T06:34:45","modified_gmt":"2025-04-29T06:34:45","slug":"security-bulletin-red-hat-openshift-on-ibm-cloud-is-affected-by-a-cri-o-security-vulnerability-cve-2","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2130","title":{"rendered":"Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-5154)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-5154)<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-29T02:37:10<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-29T11:06:02<\/td>\n<\/tr>\n
CVSS Score<\/th>\n8.1 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nHIGH<\/td>\n<\/tr>\n
User Interaction<\/th>\nREQUIRED<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nNONE<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2024-5154<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which could allow an attacker to send a specially crafted URL request containing “dot dot” sequences (\/..\/) to read and write arbitrary files on the system.<\/p>\n

## Vulnerability Details<\/p>\n

CVEID: CVE-2024-5154
\nDescription: CRI-O could allow a remote authenticated attacker to traverse directories on the system, caused by improper symbolic link validation. An attacker could send a specially crafted URL request containing “dot dot” sequences (\/..\/) to read and write arbitrary files on the system.
\nCVSS Base Score: 8.1
\nCVSS Temporal Score: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/294839 for more information
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:N)
\nAffected Platforms: CRI-O CRI-O 1.28.6, CRI-O CRI-O 1.29.4, CRI-O CRI-O 1.30.0<\/p>\n

## Affected Products and Versions<\/p>\n

Red Hat OpenShift on IBM Cloud 4.15-4.15.21_1546_openshift_W
\nRed Hat OpenShift on IBM Cloud 4.14-4.14.32_1573_openshift_W
\nRed Hat OpenShift on IBM Cloud 4.13-4.13.44_1580_openshift_W
\nRed Hat OpenShift on IBM Cloud 4.12-4.12.60_1600_openshift_W
\nRed Hat OpenShift on IBM Cloud 3.11-4.11<\/p>\n

## Remediation\/Fixes<\/p>\n

Updates for Red Hat OpenShift on IBM Cloud cluster worker nodes at versions 4.12 or later are available that fix this vulnerability. Customers must update worker nodes created before the fix was available to address the vulnerability. For details on updating worker nodes, see either the classic or VPC documentation, as appropriate. To verify your cluster worker nodes have been updated, use the following IBM Cloud CLI command to confirm the currently running versions:<\/p>\n

`ibmcloud oc workers –cluster `<\/p>\n

If the versions are at one of the following patch levels or later, the cluster worker nodes have the fix:<\/p>\n

4.12.61_1603_openshift_W
\n4.13.45_1586_openshift_W
\n4.14.33_1576_openshift_W
\n4.15.23_1553_openshift_W<\/p>\n

Customers running Red Hat OpenShift on IBM Cloud Service clusters at version 4.11 must upgrade to version 4.12. Please review the documentation before starting an upgrade since additional actions may be required.<\/p>\n

Customers running Red Hat OpenShift on IBM Cloud Service clusters at version 4.10 must create a new cluster and deploy their apps to the new cluster.
\nRed Hat OpenShift on IBM Cloud Service 4.11 and earlier are no longer supported. See the Red Hat OpenShift on IBM Cloud Service version information and update actions documentation for more information about Kubernetes versions and version support policies.<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n8.1<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n