Description
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
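As an added defender's illustration, not code from cri-o or from this advisory, the Go function below shows the containment check that defeats this flaw class: a container-supplied path is resolved on the host, symlinks included, before deciding whether it stays inside the permitted root, so neither "../" components nor a link that points back out of the root get through. SecurePath, Demo and the temp-dir fixture are constructed for this example and assume Go 1.20 or newer (for filepath.IsLocal); cri-o's actual fix may differ.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
)
var ErrEscapesRoot = errors.New("path escapes the permitted root") // untrusted path resolved outside root

// SecurePath joins an untrusted relative path onto an absolute root and returns the resolved host
// path, or ErrEscapesRoot if "../" or a symlink would leave root (hypothetical hardening, not cri-o's).
func SecurePath(root, untrusted string) (string, error) {
	absRoot, err := filepath.EvalSymlinks(root) // canonical root so the comparison below is fair
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absRoot, untrusted) // Join cleans "../" into the real parent dir
	resolved, err := filepath.EvalSymlinks(candidate)
	if errors.Is(err, os.ErrNotExist) { // leaf not created yet (e.g. a new link): resolve its parent
		resolved, err = filepath.EvalSymlinks(filepath.Dir(candidate))
		resolved = filepath.Join(resolved, filepath.Base(candidate))
	}
	if err != nil {
		return "", err
	}
	// Containment is decided on the resolved path, so a link inside root that points outside fails.
	if rel, err := filepath.Rel(absRoot, resolved); err != nil || !filepath.IsLocal(rel) {
		return "", ErrEscapesRoot
	}
	return resolved, nil
}

// Demo builds a constructed fixture in a temp dir (root/data/ and root/link -> ..) and reports
// which untrusted paths SecurePath accepts; escaping targets need not exist to be refused.
func Demo() (map[string]bool, error) {
	tmp, err := os.MkdirTemp("", "securepath")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(tmp)
	root := filepath.Join(tmp, "root")
	if err = os.MkdirAll(filepath.Join(root, "data"), 0o755); err == nil {
		err = os.Symlink("..", filepath.Join(root, "link")) // the symlink that escapes root
	}
	if err != nil {
		return nil, err
	}
	results := map[string]bool{}
	for _, p := range []string{"data/new-file", "../host-secret", "link/host-secret", "link"} {
		_, err := SecurePath(root, p)
		results[p] = err == nil
	}
	return results, nil
}
```

Only "data/new-file" is accepted; the two symlink cases are refused even though a lexical check on the joined path would have passed them.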
Problem types
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
1.30.0 (semver) before 1.30.1
1.29.4 (semver) before 1.29.5
1.28.6 (semver) before 1.28.7
0:1.25.5-21.2.rhaos4.12.gita3eb75f.el8 (rpm) before *
0:1.26.5-18.2.rhaos4.13.git2e90133.el8 (rpm) before *
0:1.27.7-3.rhaos4.14.git674563e.el9 (rpm) before *
0:1.28.7-2.rhaos4.15.git111aec5.el9 (rpm) before *
0:1.29.5-7.rhaos4.16.git7db4ada.el8 (rpm) before *
0:5.14.0-427.24.1.el9_4 (rpm) before *
0:4.16.0-202406191607.p0.g58452d8.assembly.stream.el8 (rpm) before *
417.94.202412040832-0 (rpm) before *
Timeline
| 2024-05-10: | Reported to Red Hat. |
| 2024-05-27: | Made public. |
Credits
Red Hat would like to thank Erik Sjölund (erik.sjolund@gmail.com) for reporting this issue.
References
access.redhat.com/errata/RHSA-2024:3676 (RHSA-2024:3676)
access.redhat.com/errata/RHSA-2024:3700 (RHSA-2024:3700)
access.redhat.com/errata/RHSA-2024:4008 (RHSA-2024:4008)
access.redhat.com/errata/RHSA-2024:4159 (RHSA-2024:4159)
access.redhat.com/errata/RHSA-2024:4486 (RHSA-2024:4486)
access.redhat.com/errata/RHSA-2024:10818 (RHSA-2024:10818)
access.redhat.com/security/cve/CVE-2024-5154
bugzilla.redhat.com/show_bug.cgi?id=2280190 (RHBZ#2280190)
github.com/.../cri-o/security/advisories/GHSA-j9hf-98c3-wrm8