{
  "threat_severity" : "Important",
  "public_date" : "2024-04-22T16:00:00Z",
  "bugzilla" : {
    "description" : "cri-o: Arbitrary command injection via pod annotation",
    "id" : "2272532",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-77",
  "details" : [ "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.", "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system." ],
  "acknowledgement" : "Red Hat would like to thank Akihiro Suda and Cédric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2024-05-16T00:00:00Z",
    "advisory" : "RHSA-2024:2784",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "cri-o-0:1.25.5-16.2.rhaos4.12.gitcb09013.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2024-06-05T00:00:00Z",
    "advisory" : "RHSA-2024:3496",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "cri-o-0:1.26.5-16.2.rhaos4.13.git67e2a9d.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2024-05-09T00:00:00Z",
    "advisory" : "RHSA-2024:2672",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "cri-o-0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2024-05-09T00:00:00Z",
    "advisory" : "RHSA-2024:2669",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el8",
    "package" : "cri-o-0:1.28.6-2.rhaos4.15.git77bbb1c.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Not affected",
    "package_name" : "cri-o",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-3154\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3154\nhttps://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j\nhttps://github.com/opencontainers/runc/pull/4217\nhttps://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson" ],
  "name" : "CVE-2024-3154",
  "csaw" : false
}