How severe is CVE-2024-45497?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2024-45497?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2024-45497 - HIGH Severity | CVSS 7.6

Vulnerability Description

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties.

Related Vulnerabilities

CVE-2018-12173

HIGH

CVSS:7.6(High)

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially e...

CWE-7322018

CVE-2022-21819

HIGH

CVSS:7.6(High)

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to ...

CWE-7322022

CVE-2007-5743

HIGH

CVSS:7.5(High)

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

CWE-7322007

CVE-2017-0317

HIGH

CVSS:7.5(High)

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tampe...

CWE-7322017

CVE-2017-0845

HIGH

CVSS:7.5(High)

A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

CWE-7322017

CVE-2017-1000125

HIGH

CVSS:7.5(High)

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

CWE-7322017