CVE-2024-45496

CRITICAL

OpenShift Controller Manager - Privilege Escalation via Crafted .gitconfig File

Exploitation Summary

EIP tracks 6 public exploits for CVE-2024-45496. PoCs published by pairofglasses, eggpratacurry, biggerbangg.

AI-analyzed exploit summary: The repository contains no functional exploit code, only a Dockerfile and a README redirecting to an external site. The lack of technical details and reliance on an external link for information are strong indicators of a suspicious repository.

Description

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.
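A defender-side check for the vector described above, added here as an example (it is not code from Red Hat, OpenShift, or any of the listed repositories): it parses a `.gitconfig` supplied as build input and flags entries that make Git run a program. The key list and the names `audit_gitconfig` and `needs_review` are assumptions of this example, and it does not follow line continuations or resolve `include` targets.

```python
import re
# Keys whose value Git executes or uses to find programs (git-config(1)); not exhaustive.
EXEC_KEYS = {("core", "sshcommand"), ("core", "fsmonitor"), ("core", "pager"),
             ("core", "editor"), ("core", "hookspath"), ("core", "gitproxy"),
             ("credential", "helper"), ("diff", "external")}
# Per-driver keys such as filter.<name>.smudge, bound to paths by .gitattributes.
EXEC_SUBKEYS = {"filter": {"smudge", "clean", "process"},
                "diff": {"textconv", "command"}, "merge": {"driver"}}
SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')

def needs_review(section, sub, key, value):
    if section == "alias":
        return value.startswith("!")      # "!" aliases are shell commands
    if section in ("include", "includeif"):
        return key == "path"              # included file needs the same audit
    in_driver = sub is not None and key in EXEC_SUBKEYS.get(section, ())
    return in_driver or (section, key) in EXEC_KEYS

def audit_gitconfig(text):
    """Return (line_number, dotted_key, value) for each entry to review."""
    findings, section, sub = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            section, sub = m.group(1).lower(), m.group(2)
            if sub is None and "." in section:   # deprecated [section.sub] form
                section, sub = section.split(".", 1)
            line = line[m.end():].strip()        # a key may follow the header
        if section is None or not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if needs_review(section, sub, key, value):
            dotted = ".".join(p for p in (section, sub, key) if p)
            findings.append((lineno, dotted, value))
    return findings

# Constructed sample with harmless placeholder values.
SAMPLE = """\
[core]
    sshCommand = /opt/constructed/helper
[filter "demo"]
    smudge = constructed-filter %f
    required = true
[alias]
    up = "!constructed-script"
"""
print(audit_gitconfig(SAMPLE))
```

A check like this fits in an admission or CI step that inspects gitconfig-type build inputs before a build is allowed to start; it complements, and does not replace, the fixed releases listed in the vendor advisories.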

Exploits (6)

nomisec SUSPICIOUS
by pairofglasses · poc
https://github.com/pairofglasses/cve-2024-45496

The repository contains no functional exploit code, only a Dockerfile and a README redirecting to an external site. The lack of technical details and reliance on an external link for information are strong indicators of a suspicious repository.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
Prerequisites: none
devstral-2 · analyzed Jun 12, 2026

nomisec SUSPICIOUS
by eggpratacurry · poc
https://github.com/eggpratacurry/cve-2024-45496

The repository contains no functional exploit code, only a Dockerfile and a README redirecting to an external site. This is a common pattern for luring researchers into downloading malware or paying for fake exploits.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed May 26, 2026

nomisec SUSPICIOUS
by biggerbangg · poc
https://github.com/biggerbangg/cve-2024-45496

The repository contains a minimal Dockerfile and a README redirecting to an external site, with no actual exploit code or technical details about CVE-2024-45496.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Apr 18, 2026

nomisec SUSPICIOUS
by b334r · poc
https://github.com/b334r/cve-2024-45496

The repository contains no functional exploit code, only a Dockerfile with a placeholder and a README redirecting to an external site. This is characteristic of a social engineering lure.

Classification: Suspicious 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
Prerequisites: none
devstral-2 · analyzed Apr 09, 2026

nomisec WORKING POC
by pwnc4t · poc
https://github.com/pwnc4t/cve-2024-45496

This repository contains a functional exploit for CVE-2024-45496, leveraging Git smudge filters to execute arbitrary commands on a host system during a Docker build process. The exploit deploys a persistent C2 agent by hijacking the `kubenswrapper` binary and uses a `helloworld:` prefix in build input files to execute commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenShift Container Platform (specific version not specified)
Auth required
Prerequisites: Access to create OpenShift BuildConfig · Ability to inject malicious git config as a secret
devstral-2 · analyzed Mar 08, 2026

nomisec WORKING POC
by tevsho · poc
https://github.com/tevsho/cve-2024-45496

This repository contains a functional exploit for CVE-2024-45496, leveraging a malicious Git filter to achieve remote code execution (RCE) on OpenShift nodes. The exploit deploys a persistent C2 agent by hijacking the build process and mounting the host filesystem.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenShift Container Platform (specific version not specified)
Auth required
Prerequisites: Access to create secrets and BuildConfig in OpenShift · Git repository with malicious .gitconfig and .gitattributes
devstral-2 · analyzed Feb 19, 2026

References (8)

Core References
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:3718
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:6685
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:6687
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:6689
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:6691
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:6705
Vendor Advisory (vdb-entry): https://access.redhat.com/security/cve/CVE-2024-45496
Issue Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=2308661

Scores

CVSS v3: 9.9
EPSS: 0.0012
EPSS Percentile: 30.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-269
Status: published
Products (7)
openshift/openshift-controller-manager 0 - 0.0.0-alpha.0.0.20240911 (Go)
Red Hat/Red Hat OpenShift Container Platform 4.12 v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.13 v4.13.0-202409130707.p1.gb75d499.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14 v4.14.0-202409130708.p1.g9020ea1.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.15 v4.15.0-202409131835.p1.gbe9d673.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.16 v4.16.0-202409130937.p1.g5dcfc99.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.17 v4.17.0-202409182235.p0.g7682a61.assembly.stream.el9
Published: Sep 17, 2024
Tracked Since: Feb 18, 2026