CVE-2024-3154

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Apr 26, 2024

Updated: Jun 5, 2024

CWE ID 77

Summary

CVE-2024-3154 is a newly discovered vulnerability in cri-o, an open-source container runtime. This issue allows any user with the ability to create a pod to inject arbitrary systemd properties via a Pod annotation. Consequently, the attacker can perform arbitrary actions on the host system, potentially leading to significant security risks. The flaw underscores the importance of secure container management practices and timely software updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vkCwvg
https://www.cve.org/CVERecord?id=CVE-2024-3154
https://nvd.nist.gov/vuln/detail/CVE-2024-3154

Back to Vulnerability Database

CVE-2024-3154

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations