A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
References
Configurations
No configuration.
History
16 May 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 May 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
26 Apr 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-26 04:15
Updated : 2024-05-16 23:15
NVD link : CVE-2024-3154
Mitre link : CVE-2024-3154
CVE.ORG link : CVE-2024-3154
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')