CVE-2024-7387

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer in github.com/openshift/builder

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.

Se encontró una falla en openshift/builder. Esta vulnerabilidad permite la inyección de comandos a través de un path traversal, donde un usuario malintencionado puede ejecutar comandos arbitrarios en el nodo OpenShift que ejecuta el contenedor de compilación. Al utilizar la estrategia “Docker”, los archivos ejecutables dentro del contenedor de compilación privilegiado se pueden anular utilizando el atributo `spec.source.secrets.secret.destinationDir` de la definición `BuildConfig`. Un atacante que ejecute código en un contenedor privilegiado podría aumentar sus permisos en el nodo que ejecuta el contenedor.