CVE-2024-45497
HIGHRed Hat OpenShift Container Platform 4.12-4.18 - Incorrect Permission Assignment for Critical Resource in Build Process
Title source: llmDescription
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10270
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10294
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10747
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9269
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9562
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9759
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9765
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-45497
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2308673
Scores
CVSS v3
7.6
EPSS
0.0054
EPSS Percentile
41.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
Status
published
Products (9)
Red Hat/Red Hat Fuse 7
Red Hat/Red Hat OpenShift Container Platform 4
Red Hat/Red Hat OpenShift Container Platform 4.12
v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.13
v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.16
v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.17
v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.18
v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.2
sha256:23043d4a73f0d25d0959030e3d9b8020e4453a748addcb5c5955415953ad30a3
Published
Dec 31, 2024
Tracked Since
Feb 18, 2026