VDB

CVE-2024-25131

CVE-2024-25131 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.

EPSS 0.18% · 38.8th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.18%
38.8th percentile

Affected Products

VendorProductVersions
0, 0
github.comopenshift/must-gather0, 0

Timeline

  • Dec 19, 2024 CVE Published
  • Dec 19, 2024 PoC Published
  • Dec 19, 2024 PoC Published
  • Dec 19, 2024 PoC Published
  • Dec 20, 2024 EPSS Score
  • Jan 5, 2025 EPSS Score
  • Jan 22, 2025 EPSS Score
  • Feb 7, 2025 EPSS Score
  • Feb 24, 2025 EPSS Score
  • Mar 12, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Apr 4, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›