CVE-2024-8676
CVSS V2 None
CVSS V3 None
Description
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. During that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, which verify that the pod has access to the mounts it specifies, are not applied to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or CRI-O socket to call the restore endpoint and trigger the restore.
Overview
- CVE ID: CVE-2024-8676
- Assigner: redhat
- Vulnerability Status: PUBLISHED
- Published Version: 2024-11-26T19:15:48.475Z
- Last Modified Date: 2024-11-26T21:01:45.208Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://access.redhat.com/security/cve/CVE-2024-8676 | vdb-entry x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=2313842 | issue-tracking x_refsource_REDHAT |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8676 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8676 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-27 13:08:26 | | | | Added to TrackCVE |