CVE-2024-45496

CRITICAL

OpenShift - Privilege Escalation

Title source: llm

Description

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Exploits (4)

nomisec SUSPICIOUS
by biggerbangg · poc
https://github.com/biggerbangg/cve-2024-45496
nomisec SUSPICIOUS
by b334r · poc
https://github.com/b334r/cve-2024-45496
nomisec WORKING POC
by pwnc4t · poc
https://github.com/pwnc4t/cve-2024-45496
nomisec WORKING POC
by tevsho · poc
https://github.com/tevsho/cve-2024-45496

References (8)

Scores

CVSS v3 9.9
EPSS 0.0012
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Details

CWE
CWE-269
Status published
Products (7)
openshift/openshift-controller-manager 0 - 0.0.0-alpha.0.0.20240911Go
Red Hat/Red Hat OpenShift Container Platform 4.12 v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.13 v4.13.0-202409130707.p1.gb75d499.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14 v4.14.0-202409130708.p1.g9020ea1.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.15 v4.15.0-202409131835.p1.gbe9d673.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.16 v4.16.0-202409130937.p1.g5dcfc99.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.17 v4.17.0-202409182235.p0.g7682a61.assembly.stream.el9
Published Sep 17, 2024
Tracked Since Feb 18, 2026