Red Hat OpenShift Container Platform vulnerability (CVE-2024-45496)

CVE-2024-45496 is a critical security vulnerability affecting Red Hat’s OpenShift Container Platform, with a CVSS score of 9.9. The vulnerability stems from improper privilege management during the build process, specifically in the git-clone container. This container is run with elevated privileges, allowing an attacker with developer-level access to insert a malicious .gitconfig file during the build initialization phase. The crafted file enables the attacker to execute arbitrary commands on the worker node hosting the container, potentially escalating their privileges and gaining unauthorized control over the system.

This flaw makes it possible for attackers to execute arbitrary code and compromise system integrity, posing significant security risks for environments using the OpenShift platform. To mitigate this, administrators are advised to follow security recommendations, such as limiting the use of the Docker build strategy to trusted users until patches are available.
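
One way to check who can currently use the build strategies, as an added example that is not Red Hat's own tooling: the script below reads ClusterRoleBinding JSON and lists every subject bound to a build-strategy cluster role, flagging bindings to all-user groups. It goes beyond the Docker strategy named above by also covering the Source and Custom roles; the sample input and the user name build-admin are constructed, and namespaced RoleBindings are assumed to be reviewed separately.

```python
import json

# OpenShift cluster roles that grant use of each build strategy.
BUILD_STRATEGY_ROLES = {
    "system:build-strategy-docker",
    "system:build-strategy-source",
    "system:build-strategy-custom",
}
# Groups that amount to "every user", so a binding to them is not restricted.
BROAD_GROUPS = {"system:authenticated", "system:authenticated:oauth",
                "system:unauthenticated"}

def _crb(name, role, subjects):
    """Build one constructed ClusterRoleBinding item for the sample."""
    return {"metadata": {"name": name}, "roleRef": {"name": role},
            "subjects": subjects}

# Constructed sample shaped like `oc get clusterrolebinding -o json` output.
SAMPLE = json.dumps({"items": [
    _crb("system:build-strategy-docker-binding", "system:build-strategy-docker",
         [{"kind": "Group", "name": "system:authenticated"}]),
    _crb("trusted-docker-builders", "system:build-strategy-docker",
         [{"kind": "User", "name": "build-admin"}]),
    _crb("system:build-strategy-source-binding", "system:build-strategy-source",
         None),  # subjects already removed
    _crb("cluster-admins", "cluster-admin",
         [{"kind": "Group", "name": "system:cluster-admins"}]),
]})

def audit_build_strategy_bindings(raw_json):
    """Return one finding per subject bound to a build-strategy cluster role."""
    findings = []
    for item in json.loads(raw_json).get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        if role not in BUILD_STRATEGY_ROLES:
            continue
        for subj in item.get("subjects") or []:
            kind, name = subj.get("kind"), subj.get("name")
            findings.append({
                "binding": item["metadata"]["name"],
                "role": role,
                "subject": f"{kind}:{name}",
                "broad": kind == "Group" and name in BROAD_GROUPS,
            })
    return findings

if __name__ == "__main__":
    for f in audit_build_strategy_bindings(SAMPLE):
        status = "REVIEW (all users)" if f["broad"] else "restricted"
        print(f'{f["role"]:32} {f["subject"]:28} {status}')
```

Any subject reported as "REVIEW (all users)" means the strategy is still open to every authenticated account rather than to a trusted set.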

(see CVE-2024-45496 for details)