Vulnerability in Red Hat OpenShift Container Platform 4.13
CVE-2024-1725
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent V…
EPSS: 0.001 (34.0th percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Red Hat OpenShift Container Platform 4.13: versions v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8
- Red Hat OpenShift Container Platform 4.14: versions v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8
- Red Hat OpenShift Container Platform 4.15: versions v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2024:1559 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:1891 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:2047 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-1725 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2265398 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2024-1725?
  - CVE-2024-1725 is a medium-severity vulnerability in Red Hat OpenShift Container Platform 4.13, classified under Trust Boundary Violation. CVSS score: 6.5/10. Published 2024-03-07.
- How severe is CVE-2024-1725?
  - Medium severity. CVSS v3 base score is 6.5 out of 10.
- Is CVE-2024-1725 known to be exploited?
  - 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.