Red Hat OpenShift Users Urged to Patch Critical Build Flaws


Over 3,000 Red Hat OpenShift customers, including a significant portion of the Global Fortune 500, trust the platform for its robust security features and its industry-leading hybrid cloud capabilities. However, two critical vulnerabilities in OpenShift could undermine that security.
Two vulnerabilities in the OpenShift Container Platform's build process, CVE-2024-45496 and CVE-2024-7387, have recently been discovered. Either one would allow an attacker with developer-level access to run arbitrary commands on an affected worker node and potentially escalate privileges on it.

Both flaws are in the open-source OpenShift project itself, in the code that runs builds.

The first issue, CVE-2024-45496, stems from the misuse of elevated privileges in the OpenShift Container Platform's build process (the process that builds user application images, not the platform itself). During the build initialization step, the git-clone container is run with a privileged security context, which gives it unrestricted access to the node for the duration of the clone.
A user with developer-level access to the cluster can therefore compromise a worker node by supplying a crafted .gitconfig file containing commands that git executes during the cloning process. The result is arbitrary command execution on the worker node, and because that code runs inside a privileged container, it could escalate the attacker's permiss

[…]
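As an added example (not Red Hat's or OpenShift's code), the following Python script implements two checks a cluster administrator or build reviewer can run against the issue described above: one flags .gitconfig settings that make git run a program during a clone, fetch or checkout, which is the kind of crafted .gitconfig the article describes; the other lists the containers of a build pod that run with a privileged security context. The COMMAND_KEYS list is compiled from git's documented settings and is an assumption that is not exhaustive; the sample .gitconfig and pod fragment are constructed.

```python
"""Added example, not Red Hat's or OpenShift's code: two checks a cluster
admin or build reviewer can run against the OpenShift build issue.

  command_settings()       flags .gitconfig entries that make git run a
                           program during clone/fetch/checkout
  privileged_containers()  lists containers in a Pod that run privileged,
                           which is how the git-clone container was run

Assumptions: COMMAND_KEYS is compiled from git's documented settings and is
not exhaustive; the sample .gitconfig and pod fragment below are constructed.
"""
import re

SECTION_RE = re.compile(r'^\[([^\s"\]]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$')

# git settings whose value is executed as a program or shell command while
# a repository is cloned, fetched or checked out. "*" matches any subsection.
COMMAND_KEYS = {
    "core.sshcommand",       # spawned for ssh:// remotes
    "core.gitproxy",         # spawned for git:// remotes
    "core.askpass",          # spawned to prompt for credentials
    "core.hookspath",        # relocates hooks such as post-checkout
    "core.fsmonitor",        # external program run on index refresh
    "credential.helper",     # "!cmd" runs through sh; a bare name runs git-credential-<name>
    "credential.*.helper",
    "remote.*.proxy",
    "diff.external",
    "filter.*.clean",        # clean/smudge/process filters run against checked-out files
    "filter.*.smudge",
    "filter.*.process",
    "protocol.ext.allow",    # enables ext:: remote helpers, which run arbitrary commands
}


def parse_gitconfig(text):
    """Yield (dotted_key, wildcard_key, value) for each setting in git-style config.

    Covers the syntax a build source secret realistically uses: [section],
    [section "subsection"], key = value, bare boolean keys, # and ; comments.
    Section and key names are case-insensitive; subsection names are not.
    """
    section, subsection = None, None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2)
            continue
        m = KEY_RE.match(line)
        if not m or section is None:
            continue
        key, value = m.group(1).lower(), m.group(2)
        value = "true" if value is None else value.strip()   # bare key means true
        if subsection is None:
            yield f"{section}.{key}", f"{section}.{key}", value
        else:
            yield f"{section}.{subsection}.{key}", f"{section}.*.{key}", value


def command_settings(text):
    """Return [(dotted_key, value)] for settings git would execute as a command."""
    return [(dotted, value)
            for dotted, wildcard, value in parse_gitconfig(text)
            if dotted in COMMAND_KEYS or wildcard in COMMAND_KEYS]


def privileged_containers(pod):
    """Return names of init and regular containers that set privileged: true.

    `pod` is a Pod object as a dict, e.g. the output of
    `oc get pod <name> -o json` parsed with json.loads().
    """
    spec = pod.get("spec", {})
    return [c["name"]
            for c in spec.get("initContainers", []) + spec.get("containers", [])
            if c.get("securityContext", {}).get("privileged") is True]


# Constructed sample: a .gitconfig of the kind a developer can supply through
# a build source secret. Each flagged entry would cause git to run a command.
SAMPLE_GITCONFIG = """\
[user]
    name = ci-bot
[credential "https://git.example.com"]
    helper = !/tmp/helper.sh
[filter "lfs"]
    smudge = git-lfs smudge -- %f
    required
[core]
    sshCommand = ssh -i /workspace/id_ed25519
"""

# Constructed sample: the relevant fragment of a build pod whose git-clone
# init container runs privileged.
SAMPLE_POD = {
    "spec": {
        "initContainers": [
            {"name": "git-clone", "securityContext": {"privileged": True}},
            {"name": "manage-dockerfile"},
        ],
        "containers": [{"name": "sti-build"}],
    }
}

if __name__ == "__main__":
    for key, value in command_settings(SAMPLE_GITCONFIG):
        print(f"executes a command: {key} = {value}")
    print("privileged containers:", privileged_containers(SAMPLE_POD))
```

A hit from command_settings() is not proof of malice: the sample's LFS smudge filter and custom SSH command are common in legitimate repositories. The point is that every one of these keys hands git a program to run, so any .gitconfig carrying them should be reviewed before it reaches a clone step that runs as a privileged container. Applying Red Hat's fix, which removes the privileged security context from the git-clone container, is the actual remediation; this script only helps find builds and secrets to look at in the meantime.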

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
