#VU97614 Path traversal in Red Hat OpenShift Container Platform - CVE-2024-7387

Cybersecurity Help s.r.o.

Published: 2024-09-19

Vulnerability identifier: #VU97614

Vulnerability risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7387

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote user to escalate privileges within the container.

The vulnerability exists due to input validation error when processing directory traversal sequences in openshift/builder. A remote user can send a specially crafted HTTP request and escalate their permissions on the node running the container.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.14.0 - 4.14.36

External links
https://access.redhat.com/security/cve/CVE-2024-7387
https://bugzilla.redhat.com/show_bug.cgi?id=2302259
https://access.redhat.com/errata/RHSA-2024:6691
https://access.redhat.com/errata/RHSA-2024:6687
https://access.redhat.com/errata/RHSA-2024:6689

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell APEX Cloud Platform for Red Hat OpenShift

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13