Bug 2308673 (CVE-2024-45497) - CVE-2024-45497 openshift-api: openshift-controller-manager/build: Build Process in OpenShift Allows Overwriting of Node Pull Credentials
Keywords:
Status: NEW
Alias: CVE-2024-45497
Deadline: 2024-12-15
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-08-30 11:47 UTC by OSIDB Bzimport
Modified: 2025-07-17 02:10 UTC (History)
27 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:10270 0 None None None 2025-07-10 01:34:26 UTC
Red Hat Product Errata RHSA-2025:10294 0 None None None 2025-07-09 04:04:24 UTC
Red Hat Product Errata RHSA-2025:10747 0 None None None 2025-07-17 02:10:39 UTC
Red Hat Product Errata RHSA-2025:9269 0 None None None 2025-06-26 00:19:00 UTC
Red Hat Product Errata RHSA-2025:9759 0 None None None 2025-07-02 17:25:39 UTC
Red Hat Product Errata RHSA-2025:9765 0 None None None 2025-07-02 03:53:04 UTC

Description OSIDB Bzimport 2024-08-30 11:47:23 UTC
A vulnerability in the OpenShift Container Platform allows an attacker with developer access to modify the config.json file on a worker node. By exploiting the build process and using a misconfigured pod that mounts /var/lib/kubelet/config.json without read-only restrictions, the attacker can overwrite the credentials file required for pulling container images. This leads to a denial of service, preventing the node from fetching images and potentially leaking sensitive credentials used to access private image repositories.
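A defender-side check for the misconfiguration the description names, added here as an example and not part of the bug report or of OpenShift's own code: it scans a pod spec for hostPath volumes that expose /var/lib/kubelet/config.json (directly or via a parent directory) and are mounted without readOnly: true. The function names and the two sample manifests are constructed for this example.

```python
from pathlib import PurePosixPath

# Node pull-credential file named in the bug description.
KUBELET_CREDS = PurePosixPath("/var/lib/kubelet/config.json")


def _covers_creds(host_path: str) -> bool:
    """True if a hostPath is the credential file itself or a parent directory."""
    p = PurePosixPath(host_path)
    return p == KUBELET_CREDS or p in KUBELET_CREDS.parents


def writable_kubelet_cred_mounts(pod: dict) -> list:
    """Return (container, volume, mountPath) for each mount that exposes the
    node's pull credentials to a container without readOnly: true."""
    spec = pod.get("spec", {})
    risky = {
        v["name"] for v in spec.get("volumes", [])
        if "hostPath" in v and _covers_creds(v["hostPath"].get("path", ""))
    }
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            # readOnly is absent by default, which means the mount is writable.
            if m.get("name") in risky and not m.get("readOnly", False):
                findings.append((c["name"], m["name"], m["mountPath"]))
    return findings


# Constructed sample: a build-style pod with the weak mount (whole kubelet dir, writable).
WEAK_POD = {"spec": {
    "volumes": [{"name": "node-creds",
                 "hostPath": {"path": "/var/lib/kubelet", "type": "Directory"}}],
    "containers": [{"name": "build",
                    "volumeMounts": [{"name": "node-creds", "mountPath": "/host-kubelet"}]}],
}}
# Constructed corrected form: only the file, and mounted read-only.
HARDENED_POD = {"spec": {
    "volumes": [{"name": "node-creds",
                 "hostPath": {"path": "/var/lib/kubelet/config.json", "type": "File"}}],
    "containers": [{"name": "build",
                    "volumeMounts": [{"name": "node-creds", "mountPath": "/run/pull-secret.json",
                                      "readOnly": True}]}],
}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, writable_kubelet_cred_mounts(pod))
```

The same check fits naturally into an admission webhook or a manifest linter run in CI, where a non-empty result should block the pod.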

Comment 1 errata-xmlrpc 2025-06-26 00:18:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:9269 https://access.redhat.com/errata/RHSA-2025:9269

Comment 2 errata-xmlrpc 2025-07-02 03:53:02 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:9765 https://access.redhat.com/errata/RHSA-2025:9765

Comment 3 errata-xmlrpc 2025-07-02 17:25:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:9759 https://access.redhat.com/errata/RHSA-2025:9759

Comment 4 errata-xmlrpc 2025-07-09 04:04:21 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:10294 https://access.redhat.com/errata/RHSA-2025:10294

Comment 5 errata-xmlrpc 2025-07-10 01:34:23 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:10270 https://access.redhat.com/errata/RHSA-2025:10270

Comment 6 errata-xmlrpc 2025-07-17 02:10:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:10747 https://access.redhat.com/errata/RHSA-2025:10747

