PT-2021-20139 · Red Hat · Openshift Builder

Sam Fowler · Published 2021-03-16 · Updated 2021-08-03 · CVE-2021-3344

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: github.com/openshift/builder, versions v0.0.0-20210125201112-7901cb396121 and before
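A quick way to tell whether a Go build pulls in an affected revision, as an added example that is not part of this advisory or of the openshift/builder project: the script parses a go.mod, picks out the pinned github.com/openshift/builder version and compares the commit timestamp embedded in its pseudo-version with the last affected version named above. It assumes the module is pinned by pseudo-version (a tagged release carries no timestamp and is reported as unknown, since the advisory names no tag), that "and before" refers to that commit timestamp, and that a replace directive naming the module with a version is what actually gets built. The go.mod text is constructed for the example.

```python
"""Flag a pinned github.com/openshift/builder version as affected by CVE-2021-3344.

Added example; not part of the advisory or of the openshift/builder project.
Assumes the module is pinned with a Go pseudo-version
(vX.Y.Z-<14-digit UTC commit timestamp>-<12-hex commit>) and compares that
commit timestamp with the last affected version named in the advisory.
Tagged releases carry no timestamp and are reported as "unknown".
"""
import re

MODULE = "github.com/openshift/builder"
# Last affected version from the advisory; later commit timestamps are presumed fixed.
LAST_AFFECTED = "v0.0.0-20210125201112-7901cb396121"

# Accepts the three Go pseudo-version shapes: v0.0.0-TS-HASH, vX.Y.Z-pre.0.TS-HASH
# and vX.Y.(Z+1)-0.TS-HASH, with an optional +incompatible suffix.
PSEUDO_RE = re.compile(
    r"^v\d+\.\d+\.\d+-(?:[0-9A-Za-z.-]*\.)?(\d{14})-([0-9a-f]{12})(?:\+incompatible)?$"
)


def pseudo_timestamp(version):
    """Return the 14-digit commit timestamp of a pseudo-version, or None."""
    m = PSEUDO_RE.match(version)
    return m.group(1) if m else None


def classify(version):
    """'affected', 'fixed' or 'unknown' for one module version string."""
    ts = pseudo_timestamp(version)
    if ts is None:
        return "unknown"  # tagged release: the advisory names no tag to compare against
    # Timestamps are zero-padded UTC digits, so string comparison is chronological.
    return "affected" if ts <= pseudo_timestamp(LAST_AFFECTED) else "fixed"


def pinned_versions(go_mod_text):
    """Versions of MODULE pinned in go.mod text.

    require lines are collected; a replace directive whose right-hand side
    names the module with a version overrides them, because that is what the
    Go toolchain actually builds. A replace to a local path is ignored here.
    """
    required, replaced = [], None
    for raw in go_mod_text.splitlines():
        tokens = raw.split("//", 1)[0].split()  # drop comments such as "// indirect"
        if "=>" in tokens:
            arrow = tokens.index("=>")
            lhs, rhs = tokens[:arrow], tokens[arrow + 1:]
            if MODULE in lhs and len(rhs) == 2 and rhs[0] == MODULE:
                replaced = rhs[1]
            continue
        for i in range(len(tokens) - 1):
            if tokens[i] == MODULE and tokens[i + 1].startswith("v"):
                required.append(tokens[i + 1])
    return [replaced] if replaced else required


def check_go_mod(go_mod_text):
    """List of (version, status) for every pinned copy of MODULE."""
    return [(v, classify(v)) for v in pinned_versions(go_mod_text)]


# Constructed go.mod fragment for the example; not taken from any real project.
SAMPLE_GO_MOD = """\
module example.com/ci-tools

go 1.15

require (
\tgithub.com/openshift/builder v0.0.0-20210125201112-7901cb396121 // indirect
\tgithub.com/spf13/cobra v1.1.1
)
"""

if __name__ == "__main__":
    for version, status in check_go_mod(SAMPLE_GO_MOD):
        print(f"{MODULE} {version}: {status}")
```

Run it against each go.mod in a repository or a vendor tree; a "fixed" verdict only means the pinned commit is newer than the last affected one, so confirm against the project's own fix before closing the finding.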
Description: A privilege escalation flaw was found in OpenShift builder, where credentials outside the build context are automatically mounted into the container image under construction during build time. This allows an OpenShift user who can execute code during build time inside the container to reuse those credentials and overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this issue is to data confidentiality and integrity as well as system availability.
Recommendations: For versions v0.0.0-20210125201112-7901cb396121 and before, restrict who can create or start builds, since any user who can run code during a build can read the mounted credentials, to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of users who can execute code during build time to prevent potential escalation.
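One concrete form of the recommendation is to know exactly who can create or start builds, because that is the ability the description says an attacker needs. The audit script below is an added example, not code from the advisory or from OpenShift. It assumes the relevant RBAC rights are `create` on builds, buildconfigs and the buildconfigs/instantiate subresource in the build.openshift.io API group (the resources behind `oc new-build` and `oc start-build`), and it reads Role, ClusterRole, RoleBinding and ClusterRoleBinding objects in the shape of an `oc get ... -o json` list; the objects below are constructed for the example, not a real cluster dump.

```python
"""Audit which subjects can create or start OpenShift builds.

Added example; not part of the advisory or of OpenShift. The precondition the
advisory describes is a user who can run code during a build, which in RBAC
terms is assumed here to be "create" on builds, buildconfigs or the
buildconfigs/instantiate subresource in the build.openshift.io group. Roles
and bindings are read in the shape of an `oc get ... -o json` item list.
"""
BUILD_GROUP = "build.openshift.io"
BUILD_RESOURCES = {"builds", "buildconfigs", "buildconfigs/instantiate"}
BUILD_VERBS = {"create"}


def rule_grants_build(rule):
    """True if one PolicyRule lets its holder create or start a build."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return (("*" in groups or BUILD_GROUP in groups)
            and ("*" in resources or bool(resources & BUILD_RESOURCES))
            and ("*" in verbs or bool(verbs & BUILD_VERBS)))


def role_key(kind, name, namespace=""):
    """Roles are namespaced, ClusterRoles are not; key them accordingly."""
    return (kind, namespace if kind == "Role" else "", name)


def build_capable_subjects(items):
    """Sorted (namespace, subject kind, subject name, role) tuples.

    namespace is the binding's namespace, or "" for a ClusterRoleBinding,
    which grants the right in every namespace.
    """
    roles = {}
    for item in items:
        if item["kind"] in ("Role", "ClusterRole"):
            meta = item["metadata"]
            key = role_key(item["kind"], meta["name"], meta.get("namespace", ""))
            roles[key] = item.get("rules", [])

    found = set()
    for item in items:
        if item["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ns = item["metadata"].get("namespace", "")
        ref = item["roleRef"]
        rules = roles.get(role_key(ref["kind"], ref["name"], ns))
        if rules is None:
            continue  # referenced role is not in the dump, so it cannot be evaluated
        if any(rule_grants_build(rule) for rule in rules):
            for subject in item.get("subjects", []):
                found.add((ns, subject["kind"], subject["name"], f'{ref["kind"]}/{ref["name"]}'))
    return sorted(found)


# Constructed sample dump; names and rules are invented for the example.
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "view"},
     "rules": [{"apiGroups": [BUILD_GROUP], "resources": ["builds", "buildconfigs"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "start-builds"},
     "rules": [{"apiGroups": [BUILD_GROUP], "resources": ["buildconfigs/instantiate"],
                "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "ns-admin", "namespace": "team-a"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "image-pusher", "namespace": "team-a"},
     "rules": [{"apiGroups": ["image.openshift.io"], "resources": ["imagestreams/layers"],
                "verbs": ["get", "update"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "alice-starts-builds", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "start-builds"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "bob-views", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "bob"}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-admin", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "ns-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "team-a"}]},
    {"kind": "RoleBinding", "metadata": {"name": "push", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "image-pusher"},
     "subjects": [{"kind": "ServiceAccount", "name": "builder", "namespace": "team-a"}]},
]

if __name__ == "__main__":
    for ns, kind, name, via in build_capable_subjects(SAMPLE_ITEMS):
        print(f"{ns or '<all namespaces>'}: {kind} {name} can create builds via {via}")
```

On a real dump, expect the default `admin` and `edit` roles to show up, since they include build creation; every subject the script lists is someone who can reach whatever the builder mounts into the build container. The script only evaluates roles present in the dump and does not expand aggregated ClusterRoles, so export ClusterRoles along with the namespaced objects.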

Fix

Weakness Enumeration

Insufficiently Protected Credentials (CWE-522)

Related Identifiers

CVE-2021-3344

Affected Products

Openshift Builder