PT-2024-6989 · Red Hat · Openshift Container Platform

Thibault Guittet · Published 2024-08-30 · Updated 2025-01-09 · CVE-2024-45496

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

OpenShift Container Platform (affected versions not specified)

Description

The issue is related to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands that are executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2024-08238
CVE-2024-45496
GHSA-J8GH-87RX-C7W9
GO-2024-3128

Affected Products

Openshift Container Platform