CVE-2024-5154
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-5154
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5154.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-5154
- Aliases
- Downstream
- Related
- Published
- 2024-06-12T09:15:19Z
- Modified
- 2025-07-29T11:16:30.170595Z
- Summary
- [none]
- Details
-
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
- References
-
- https://access.redhat.com/errata/RHSA-2024:10818
- https://access.redhat.com/errata/RHSA-2024:3676
- https://access.redhat.com/errata/RHSA-2024:3700
- https://access.redhat.com/errata/RHSA-2024:4008
- https://access.redhat.com/errata/RHSA-2024:4159
- https://access.redhat.com/errata/RHSA-2024:4486
- https://access.redhat.com/security/cve/CVE-2024-5154
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8
- https://bugzilla.redhat.com/show_bug.cgi?id=2280190
Affected packages
Git / github.com/cri-o/cri-o
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cri-o/cri-o
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/kubernetes/kubernetes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/openshift/telemeter
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.0.0
v0.1
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.13.1-dev
v0.14.0
v0.14.1
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.1
v0.21.2
v0.3
v0.4
v0.5
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.0.0-alpha.0
v1.0.0-beta.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.1.0-alpha.0
v1.1.0-alpha.1
v1.10.0-alpha.0
v1.10.0-alpha.1
v1.10.0-alpha.2
v1.10.0-alpha.3
v1.11.0-alpha.0
v1.11.0-alpha.1
v1.11.0-alpha.2
v1.12.0-alpha.0
v1.12.0-alpha.1
v1.13.0-alpha.0
v1.13.0-alpha.1
v1.13.0-alpha.2
v1.13.0-alpha.3
v1.14.0-alpha.0
v1.14.0-alpha.1
v1.14.0-alpha.2
v1.14.0-alpha.3
v1.15.0-alpha.0
v1.15.0-alpha.1
v1.15.0-alpha.2
v1.15.0-alpha.3
v1.16.0-alpha.0
v1.16.0-alpha.1
v1.16.0-alpha.2
v1.16.0-alpha.3
v1.17.0-alpha.0
v1.17.0-alpha.1
v1.17.0-alpha.2
v1.17.0-alpha.3
v1.18.0-alpha.0
v1.18.0-alpha.1
v1.18.0-alpha.2
v1.18.0-alpha.4
v1.18.0-alpha.5
v1.18.0-rc1
v1.19.0-alpha.0
v1.19.0-alpha.1
v1.19.0-alpha.2
v1.19.0-alpha.3
v1.19.0-beta.0
v1.19.0-beta.1
v1.19.0-beta.2
v1.2.0-alpha.1
v1.2.0-alpha.2
v1.2.0-alpha.3
v1.2.0-alpha.4
v1.2.0-alpha.5
v1.2.0-alpha.6
v1.2.0-alpha.7
v1.2.0-alpha.8
v1.20.0-alpha.0
v1.20.0-alpha.1
v1.20.0-alpha.2
v1.20.0-alpha.3
v1.20.0-beta.0
v1.20.0-beta.1
v1.20.0-beta.2
v1.21.0
v1.21.0-alpha.0
v1.21.0-alpha.1
v1.21.0-alpha.2
v1.21.0-alpha.3
v1.21.0-beta.0
v1.21.0-beta.1
v1.22.0
v1.22.0-alpha.0
v1.22.0-alpha.1
v1.22.0-alpha.2
v1.22.0-alpha.3
v1.22.0-beta.0
v1.22.0-beta.1
v1.22.0-beta.2
v1.23.0
v1.23.0-alpha.0
v1.23.0-alpha.1
v1.23.0-alpha.2
v1.23.0-alpha.3
v1.23.0-alpha.4
v1.23.0-beta.0
v1.24.0
v1.24.0-alpha.0
v1.24.0-alpha.1
v1.24.0-alpha.2
v1.24.0-alpha.3
v1.24.0-alpha.4
v1.24.0-beta.0
v1.25.0
v1.25.0-alpha.0
v1.25.0-alpha.1
v1.25.0-alpha.2
v1.25.0-alpha.3
v1.25.0-beta.0
v1.26.0
v1.26.0-alpha.0
v1.26.0-alpha.1
v1.26.0-alpha.2
v1.26.0-alpha.3
v1.26.0-beta.0
v1.27.0
v1.27.0-alpha.0
v1.27.0-alpha.1
v1.27.0-alpha.2
v1.27.0-alpha.3
v1.27.0-beta.0
v1.28.0
v1.28.0-alpha.0
v1.28.0-alpha.1
v1.28.0-alpha.2
v1.28.0-alpha.3
v1.28.0-alpha.4
v1.28.0-beta.0
v1.28.0-rc.0
v1.28.0-rc.1
v1.28.1
v1.28.2
v1.28.3
v1.28.4
v1.28.5
v1.28.6
v1.29.0
v1.29.0-alpha.0
v1.29.0-alpha.1
v1.29.0-alpha.2
v1.29.0-alpha.3
v1.29.0-rc.0
v1.29.0-rc.1
v1.29.0-rc.2
v1.29.1
v1.29.2
v1.29.3
v1.29.4
v1.3.0-alpha.0
v1.3.0-alpha.1
v1.3.0-alpha.2
v1.3.0-alpha.3
v1.3.0-alpha.4
v1.3.0-alpha.5
v1.30.0
v1.30.0-alpha.0
v1.30.0-alpha.1
v1.30.0-alpha.2
v1.30.0-alpha.3
v1.30.0-beta.0
v1.30.0-rc.0
v1.30.0-rc.1
v1.30.0-rc.2
v1.31.0-alpha.0
v1.4.0-alpha.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-alpha.3
v1.5.0-alpha.0
v1.5.0-alpha.1
v1.5.0-alpha.2
v1.6.0-alpha.0
v1.6.0-alpha.1
v1.6.0-alpha.2
v1.6.0-alpha.3
v1.7.0-alpha.0
v1.7.0-alpha.1
v1.7.0-alpha.2
v1.7.0-alpha.3
v1.7.0-alpha.4
v1.8.0
v1.8.0-alpha.0
v1.8.0-alpha.1
v1.8.0-alpha.2
v1.8.0-alpha.3
v1.9.0-alpha.0
v1.9.0-alpha.1
v1.9.0-alpha.2
v1.9.0-alpha.3
v1.9.0-beta.1
v1.9.0-beta.2
v3.*
v3.11.0