CVE-2024-3154

{"id": "CVE-2024-3154", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-04-26T04:15:09.217", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2669", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2672", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2784", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3154", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532", "source": "secalert@redhat.com"}, {"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j", "source": "secalert@redhat.com"}, {"url": "https://github.com/opencontainers/runc/pull/4217", "source": "secalert@redhat.com"}, {"url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotaci\u00f3n Pod. Cualquier usuario que pueda crear un pod con una anotaci\u00f3n arbitraria puede realizar una acci\u00f3n arbitraria en el sistema host."}], "lastModified": "2024-05-16T23:15:50.110", "sourceIdentifier": "secalert@redhat.com"}