Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-8676— Cri-o: checkpoint restore can be triggered from different namespaces

CVSS 7.4 · High EPSS 0.27% · P51

I. Basic Information for CVE-2024-8676

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cri-o: checkpoint restore can be triggered from different namespaces
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
CRI-O 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CRI-O是CRI-O开源的一款用于Kubernetes系统的轻量级容器运行时环境。 CRI-O存在授权问题漏洞,该漏洞源于允许攻击者诱骗CRI-O恢复无权访问主机挂载的pod。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-- 0 ~ 1.29.11 -
Red HatRed Hat OpenShift Container Platform 4.15 0:1.28.11-7.rhaos4.15.gitc4c0556.el8 ~ * cpe:/a:redhat:openshift:4.15::el8
Red HatRed Hat OpenShift Container Platform 4.16 0:1.29.11-3.rhaos4.16.git16d9bd6.el8 ~ * cpe:/a:redhat:openshift:4.16::el9
Red HatRed Hat OpenShift Container Platform 4.16 416.94.202506251808-0 ~ * cpe:/a:redhat:openshift:4.16::el9
Red HatRed Hat OpenShift Container Platform 4.17 417.94.202503241418-0 ~ * cpe:/a:redhat:openshift:4.17::el9
Red HatRed Hat OpenShift Container Platform 4.18 0:1.31.5-5.rhaos4.18.git6dfa0a6.el8 ~ * cpe:/a:redhat:openshift:4.18::el9
Red HatRed Hat OpenShift Container Platform 4.18 418.94.202504231329-0 ~ * cpe:/a:redhat:openshift:4.18::el9
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
Red HatRed Hat OpenShift Container Platform 3.11-cpe:/a:redhat:openshift:3.11
Red HatRed Hat OpenShift Container Platform 4-cpe:/a:redhat:openshift:4
Red HatRed Hat OpenShift Container Platform 4-cpe:/a:redhat:openshift:4

II. Public POCs for CVE-2024-8676

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-8676

登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-285

V. Comments for CVE-2024-8676

No comments yet

Leave a comment