CVE-2024-45497
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Summary
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
4.16 | affected | ||
| Red Hat | Red Hat OpenShift Container Platform 4.12 | v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.20 | ose-openshift-controller-manager-container-v4.20.0-202509261327.p2.gd9e543d.assembly.stream.el9 < * | unaffected |
Weaknesses
- CWE-732: Incorrect Permission Assignment for Critical Resource
Workarounds
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2025:10270
- https://access.redhat.com/errata/RHSA-2025:10294
- https://access.redhat.com/errata/RHSA-2025:10747
- https://access.redhat.com/errata/RHSA-2025:9269
- https://access.redhat.com/errata/RHSA-2025:9562
- https://access.redhat.com/errata/RHSA-2025:9759
- https://access.redhat.com/errata/RHSA-2025:9765
- https://access.redhat.com/security/cve/CVE-2024-45497
- https://bugzilla.redhat.com/show_bug.cgi?id=2308673
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.