CVE-2024-3154 — Vulnetix

CVE-2024-3154 PUBLISHED

Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht in der cri-o-Komponente aufgrund der unsachgemäßen Behandlung von Pod-Annotationen, was zur Injektion einer beliebigen Systemeigenschaft führt. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.

EPSS 0.37% · 59.1th percentile

Risk Scores

EPSS Score

0.37%

59.1th percentile

Exploit Intelligence

cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)
cve-2023-22527-yara.yar (github-yara)

Timeline

Feb 8, 2024 PoC Published
Apr 26, 2024 CVE Published
Apr 26, 2024 EPSS Score
Apr 30, 2024 CVE Updated
May 21, 2024 EPSS Score
Jul 10, 2024 EPSS Score
Aug 3, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Nov 9, 2024 EPSS Score
Dec 5, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1297.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1297 advisory
https://access.redhat.com/errata/RHSA-2024:3496 advisory

Open in Interactive Console →