CVE-2024-7387 (GCVE-0-2024-7387)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:58 – Updated: 2025-11-11 15:21
VLAI?
Title
Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
Summary
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 0b62633adfa2836465202bc851885e078ec888d1 (git)
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: v4.12.0-202409121032.p1.g609473f.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.12::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202409101936.p1.ge7749a3.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409101737.p1.gfee4b58.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.16::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.17::el9
 Create a notification for this product.
Credits
Red Hat would like to thank Armin Stock for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7387",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T20:31:09.766421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T20:31:23.564Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openshift/builder",
          "defaultStatus": "unaffected",
          "packageName": "openshift/builder",
          "versions": [
            {
              "lessThan": "0b62633adfa2836465202bc851885e078ec888d1",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.12.0-202409121032.p1.g609473f.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202409101936.p1.ge7749a3.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202409101737.p1.gfee4b58.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Armin Stock for reporting this issue."
        }
      ],
      "datePublic": "2024-09-16T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the \u201cDocker\u201d strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:21:33.858Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:3718",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3718"
        },
        {
          "name": "RHSA-2024:6685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6685"
        },
        {
          "name": "RHSA-2024:6687",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6687"
        },
        {
          "name": "RHSA-2024:6689",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6689"
        },
        {
          "name": "RHSA-2024:6691",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6691"
        },
        {
          "name": "RHSA-2024:6705",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6705"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7387"
        },
        {
          "name": "RHBZ#2302259",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302259"
        },
        {
          "url": "https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-01T15:12:45+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-16T08:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy",
      "workarounds": [
        {
          "lang": "en",
          "value": "Cluster admins can follow the instructions in \"Securing Builds by Strategy\" to block use of the \"Docker\" build strategy on a cluster, or restrict the use to a set of highly trusted users, until the cluster is able to be upgraded.\n\nhttps://docs.openshift.com/container-platform/4.16/cicd/builds/securing-builds-by-strategy.html"
        }
      ],
      "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7387",
    "datePublished": "2024-09-16T23:58:35.176Z",
    "dateReserved": "2024-08-01T15:14:15.077Z",
    "dateUpdated": "2025-11-11T15:21:33.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-07T20:31:09.766421Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T15:58:40.387Z\"}}], \"cna\": {\"title\": \"Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Armin Stock for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0b62633adfa2836465202bc851885e078ec888d1\", \"versionType\": \"git\"}], \"packageName\": \"openshift/builder\", \"collectionURL\": \"https://github.com/openshift/builder\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.12.0-202409121032.p1.g609473f.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.13.0-202409120505.p1.g2c7e99d.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.14.0-202409111409.p1.g52565ca.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\", \"cpe:/a:redhat:openshift:4.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.15.0-202409101936.p1.ge7749a3.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.16.0-202409101737.p1.gfee4b58.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.17.0-202409122005.p1.gcfcf3bd.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-01T15:12:45+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-09-16T08:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-09-16T08:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:3718\", \"name\": \"RHSA-2024:3718\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6685\", \"name\": \"RHSA-2024:6685\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6687\", \"name\": \"RHSA-2024:6687\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6689\", \"name\": \"RHSA-2024:6689\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6691\", \"name\": \"RHSA-2024:6691\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6705\", \"name\": \"RHSA-2024:6705\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-7387\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2302259\", \"name\": \"RHBZ#2302259\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Cluster admins can follow the instructions in \\\"Securing Builds by Strategy\\\" to block use of the \\\"Docker\\\" build strategy on a cluster, or restrict the use to a set of highly trusted users, until the cluster is able to be upgraded.\\n\\nhttps://docs.openshift.com/container-platform/4.16/cicd/builds/securing-builds-by-strategy.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the \\u201cDocker\\u201d strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"Execution with Unnecessary Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-11T15:21:33.858Z\"}, \"x_redhatCweChain\": \"CWE-250: Execution with Unnecessary Privileges\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-11T15:21:33.858Z\", \"dateReserved\": \"2024-08-01T15:14:15.077Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-09-16T23:58:35.176Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.