How severe is CVE-2024-8676?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-8676?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2024-8676 - HIGH Severity | CVSS 7.4

Vulnerability Description

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.

Related Vulnerabilities

CVE-2022-31671

HIGH

CVSS:7.4(High)

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution l...

CWE-2852022

CVE-2013-7245

HIGH

CVSS:7.5(High)

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP S...

CWE-2852013

CVE-2016-1000219

HIGH

CVSS:7.5(High)

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions...

CWE-2852016

CVE-2016-5420

HIGH

CVSS:7.5(High)

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by lever...

CWE-2852016

CVE-2016-5676

HIGH

CVSS:7.5(High)

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwor...

CWE-2852016

CVE-2017-1002151

HIGH

CVSS:7.5(High)

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

CWE-2852017