VDB
CVE-2024-3177
CVE-2024-3177
PUBLISHED
Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.
EPSS 8.42% · 92.5th percentile
Risk Scores
EPSS Score
8.42%
92.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform <4.16.23 | |
| Red Hat | Red Hat OpenShift API for Data Protection 1 | |
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 | |
| Red Hat | Red Hat OpenShift Secondary Scheduler Operator | |
| Red Hat | Red Hat OpenShift <4.16.24 | |
| SUSE | SUSE Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.15.28 | |
| Amazon | Amazon Linux 2 | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.63 | |
| SUSE | SUSE openSUSE | |
| Red Hat | Red Hat OpenShift Kube Descheduler Operator 5 | |
| Open Source | Open Source Kubernetes <1.29.4 | |
| Oracle | Oracle Linux | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| RESF | RESF Rocky Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.18.10 | |
| Red Hat | Red Hat OpenShift Container Platform <4.14.38 | |
| Open Source | Open Source Kubernetes <1.27.13 | |
| Red Hat | Red Hat Ansible Automation Platform |
…and 5 more
Exploit Intelligence
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc-repo)
- Module written in Ruby with the objective of exploiting vulnerabilities CVE-2023-2728 and CVE-2024-3177, both related to the secret mount policy in a Kubernetes cluster using a custom Metasploit module. Part of a Cybersecurity Master's degree finalization project. (github-poc)
…and 16 more exploits
Timeline
- Apr 16, 2024 CVE Published
- Apr 23, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
- Aug 25, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 14, 2024 EPSS Score
- Dec 3, 2024 EPSS Score
- Dec 28, 2024 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0904.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0904 advisory
- https://github.com/kubernetes/kubernetes/issues/124336 advisory
- https://seclists.org/oss-sec/2024/q2/126 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018409.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018410.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019474.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019472.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CVDW5HPSEFFQUNXWXYMKJCDGJR4W243Q/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-August/022151.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474 advisory
- https://access.redhat.com/errata/RHSA-2024:0040 advisory
- https://access.redhat.com/errata/RHSA-2024:0041 advisory
- https://access.redhat.com/errata/RHSA-2024:0043 advisory
- https://access.redhat.com/errata/RHSA-2024:0045 advisory
- https://access.redhat.com/errata/RHSA-2024:3637 advisory
- https://access.redhat.com/errata/RHSA-2024:3617 advisory
- https://access.redhat.com/errata/RHSA-2024:1616 advisory
- https://errata.build.resf.org/RLSA-2024:3968 advisory
…and 56 more