CVE-2024-7387

Summary

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the spec.source.secrets.secret.destinationDir attribute of the BuildConfig definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Affected Software

VendorProductVersion RangeStatus
0 < 0b62633adfa2836465202bc851885e078ec888d1affected
Red HatRed Hat OpenShift Container Platform 4.12v4.12.0-202409121032.p1.g609473f.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409101936.p1.ge7749a3.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202409101737.p1.gfee4b58.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9 < *unaffected

Weaknesses

  • CWE-250: Execution with Unnecessary Privileges

Workarounds

Cluster admins can follow the instructions in "Securing Builds by Strategy" to block use of the "Docker" build strategy on a cluster, or restrict the use to a set of highly trusted users, until the cluster is able to be upgraded.

https://docs.openshift.com/container-platform/4.16/cicd/builds/securing-builds-by-strategy.html

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References