Platform: go
Component: github.com/openshift/openshift-controller-manager
Fixed in: 4.18.1, 0.0.0-alpha.0.0.20240911
CVE-2024-45496 describes a critical Remote Code Execution (RCE) vulnerability discovered in OpenShift Container Platform. This flaw arises from the misuse of elevated privileges during the build initialization process, specifically within the git-clone container. Affected versions are those prior to 0.0.0-alpha.0.0.20240911. A patch has been released to address this vulnerability.
The vulnerability allows an attacker with developer-level access to craft a malicious .gitconfig file. This file, when processed during the cloning phase, can inject commands that are executed with elevated privileges on the worker node. This effectively grants the attacker arbitrary command execution capabilities, potentially leading to complete system compromise. The attacker could install malware, steal sensitive data, or pivot to other systems within the network. The blast radius extends to the entire worker node and potentially the broader OpenShift cluster if the attacker can leverage this access for lateral movement.
The likelihood of exploitation is rated high because the flaw is easy to trigger and its impact is severe. Public proof-of-concept code is likely to emerge given the RCE nature of the vulnerability. The vulnerability was publicly disclosed on 2024-09-17. It is recommended to monitor the CISA KEV catalog for updates.
Exploit Status
EPSS: 0.13% (33rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade to OpenShift Container Platform version 0.0.0-alpha.0.0.20240911 or later. If upgrading is not immediately feasible, consider restricting access to the build process to trusted developers only. Implement strict input validation on any configuration files used during the build process to prevent malicious content injection. Monitor build logs for suspicious activity and unusual command executions. While a WAF is unlikely to directly address this, reviewing and hardening the build environment itself is crucial.
Update OpenShift Container Platform to a patched version. Refer to Red Hat Security Advisories (RHSA) RHSA-2024:3718, RHSA-2024:6685, and RHSA-2024:6687 for more details and upgrade instructions.
CVE-2024-45496 is a critical Remote Code Execution vulnerability in OpenShift Container Platform, allowing attackers to execute arbitrary commands on worker nodes through a crafted .gitconfig file.
You are affected if you are running OpenShift Container Platform versions prior to 0.0.0-alpha.0.0.20240911 and have developer-level access to the build process.
Upgrade to OpenShift Container Platform version 0.0.0-alpha.0.0.20240911 or later. Restrict build process access and validate configuration files.
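The version check behind "you are affected if you are running versions prior to 0.0.0-alpha.0.0.20240911" can be scripted against a go.mod file. The following is an added example written for this record, not Red Hat's or the OpenShift project's own tooling. It assumes the affected range is OSV-style, [0, fixed) for the module path listed above, and that versions are ordered by semver 2.0 precedence rules (numeric prerelease identifiers rank below alphanumeric ones, a release ranks above any prerelease of the same core version). The sample go.mod is constructed for the stand-alone run.

```python
"""Scan a go.mod for an affected github.com/openshift/openshift-controller-manager pin.

Added example for this CVE record (not Red Hat's or OpenShift's own tooling).
Assumptions: the affected range is [0, FIXED) for MODULE, and versions compare
by semver 2.0 precedence rules.
"""
import re

MODULE = "github.com/openshift/openshift-controller-manager"
FIXED = "v0.0.0-alpha.0.0.20240911"   # "Fixed in" version from the record

# Constructed sample go.mod (not from any real project) so the script runs offline.
SAMPLE_GO_MOD = """\
module example.com/build-tooling

go 1.22

require github.com/openshift/openshift-controller-manager v0.0.0-alpha.0.0.20240801 // indirect

require (
\tgithub.com/spf13/cobra v1.8.0
\tgolang.org/x/mod v0.20.0 // indirect
)
"""

_REQ = re.compile(r"^(\S+)\s+(v\S+)$")


def parse_go_mod(text):
    """Return {module_path: version} for every require entry.

    Handles both single-line `require path vX` and `require ( ... )` blocks,
    and drops trailing `// indirect` comments.
    """
    deps = {}
    in_block = False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        if line == "require (":
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        if line.startswith("require "):
            line = line[len("require "):].strip()
        elif not in_block:
            continue   # module / go / replace / exclude directives are not requirements
        m = _REQ.match(line)
        if m:
            deps[m.group(1)] = m.group(2)
    return deps


def _split(version):
    """Split 'v1.2.3-pre.1+meta' into ((1, 2, 3), ['pre', '1']); build metadata is ignored."""
    v = version.lstrip("v")
    core, _, rest = v.partition("-")
    core = core.split("+", 1)[0]
    rest = rest.split("+", 1)[0]
    nums = tuple(int(x) for x in core.split("."))
    pre = rest.split(".") if rest else []
    return nums, pre


def _ident_key(ident):
    # semver 2.0 §11: numeric identifiers compare numerically and rank below alphanumeric ones
    return (0, int(ident), "") if ident.isdigit() else (1, 0, ident)


def compare(a, b):
    """Return -1, 0 or 1 ordering version strings a and b by semver precedence."""
    na, pa = _split(a)
    nb, pb = _split(b)
    if na != nb:
        return -1 if na < nb else 1
    if not pa and not pb:
        return 0
    if not pa:
        return 1    # a release outranks any prerelease of the same core version
    if not pb:
        return -1
    for x, y in zip(pa, pb):
        kx, ky = _ident_key(x), _ident_key(y)
        if kx != ky:
            return -1 if kx < ky else 1
    # all shared identifiers equal: the longer prerelease list ranks higher
    return (len(pa) > len(pb)) - (len(pa) < len(pb))


def is_affected(version):
    """True when version falls in the range [0, FIXED)."""
    return compare(version, FIXED) < 0


def scan_go_mod(text):
    """Report the pinned MODULE version and whether it is affected; None if not required."""
    version = parse_go_mod(text).get(MODULE)
    if version is None:
        return None
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    print(scan_go_mod(SAMPLE_GO_MOD))
```

Run it against a real go.mod by reading the file into `scan_go_mod`. One caveat: a plain Go timestamp pseudo-version such as `v0.0.0-20241001120000-0123456789ab` carries no `alpha` tag, and under semver precedence its single alphanumeric identifier sorts below `alpha`, so the check reports it as affected even when the commit postdates the fix. That errs on the conservative side; confirm such pins against the Red Hat advisories before closing the finding.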
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official OpenShift security advisory for detailed information and mitigation guidance: [https://security.openshift.io/](https://security.openshift.io/)