CVE-2024-45497 (GCVE-0-2024-45497)

Vulnerability from cvelistv5 – Published: 2024-12-31 02:19 – Updated: 2026-02-03 21:42
VLAI?
Title
Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials
Summary
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.
Severity ?
7.6 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
https://access.redhat.com/errata/RHSA-2025:10270 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10294 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10747 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9269 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9562 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9759 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9765 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45497 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2308673 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 4.16 (semver)
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.12::el8
    cpe:/a:redhat:openshift:4.12::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.16::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.17::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.18::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.2 Unaffected: sha256:23043d4a73f0d25d0959030e3d9b8020e4453a748addcb5c5955415953ad30a3 , < * (rpm)
    cpe:/a:redhat:openshift:4.20::el9
 Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
 Create a notification for this product.
Credits
This issue was discovered by Thibault Guittet (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45497",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T15:53:54.435304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T15:54:01.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openshift",
          "defaultStatus": "unknown",
          "packageName": "openshift",
          "versions": [
            {
              "status": "affected",
              "version": "4.16",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8",
            "cpe:/a:redhat:openshift:4.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-operator",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-operator",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-operator",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-openshift-apiserver-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.20::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-openshift-controller-manager-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:23043d4a73f0d25d0959030e3d9b8020e4453a748addcb5c5955415953ad30a3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.arquillian.cube/arquillian-cube-openshift-api",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift4/ose-openshift-apiserver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Thibault Guittet (Red Hat)."
        }
      ],
      "datePublic": "2024-12-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node\u0027s /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T21:42:09.124Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10270"
        },
        {
          "name": "RHSA-2025:10294",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10294"
        },
        {
          "name": "RHSA-2025:10747",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10747"
        },
        {
          "name": "RHSA-2025:9269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9269"
        },
        {
          "name": "RHSA-2025:9562",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9562"
        },
        {
          "name": "RHSA-2025:9759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9759"
        },
        {
          "name": "RHSA-2025:9765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9765"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-45497"
        },
        {
          "name": "RHBZ#2308673",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308673"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-29T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-12-15T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-45497",
    "datePublished": "2024-12-31T02:19:22.553Z",
    "dateReserved": "2024-08-30T10:12:13.684Z",
    "dateUpdated": "2026-02-03T21:42:09.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45497\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-31T15:53:54.435304Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-31T15:53:58.278Z\"}}], \"cna\": {\"title\": \"Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials\", \"credits\": [{\"lang\": \"en\", \"value\": \"This issue was discovered by Thibault Guittet (Red Hat).\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.16\", \"versionType\": \"semver\"}], \"packageName\": \"openshift\", \"collectionURL\": \"https://github.com/openshift\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\", \"cpe:/a:redhat:openshift:4.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el8\", \"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el8\", \"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-cluster-openshift-apiserver-rhel9-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:23043d4a73f0d25d0959030e3d9b8020e4453a748addcb5c5955415953ad30a3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-openshift-controller-manager-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"packageName\": \"org.arquillian.cube/arquillian-cube-openshift-api\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"openshift4/ose-openshift-apiserver-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-29T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-12-15T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-12-15T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:10270\", \"name\": \"RHSA-2025:10270\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:10294\", \"name\": \"RHSA-2025:10294\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:10747\", \"name\": \"RHSA-2025:10747\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:9269\", \"name\": \"RHSA-2025:9269\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:9562\", \"name\": \"RHSA-2025:9562\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:9759\", \"name\": \"RHSA-2025:9759\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:9765\", \"name\": \"RHSA-2025:9765\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-45497\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2308673\", \"name\": \"RHBZ#2308673\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node\u0027s /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-02-03T21:42:09.124Z\"}, \"x_redhatCweChain\": \"CWE-732: Incorrect Permission Assignment for Critical Resource\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45497\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-03T21:42:09.124Z\", \"dateReserved\": \"2024-08-30T10:12:13.684Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-12-31T02:19:22.553Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.