Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.19.0
Affects Version/s: 4.18
Component/s: openshift-controller-manager / build
Labels:

Regression:
None
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.19.0
Target Backport Versions:

4.13.z, 4.12.z, 4.14.z, 4.15.z, 4.17.z, 4.16.z, 4.18.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

With the disclosure and patch of CVE-2024-45496, we must ensure that future versions of OpenShift do not allow the git clone container to run privileged. Git has fundamental weaknesses which allow a potential attacker with "edit" permissions to execute arbitrary commands.

Version-Release number of selected component (if applicable):

4.18

How reproducible:

Always

Steps to Reproduce:

N/A

Actual results:

N/A

Expected results:

N/A

Additional info:

See [CVE-2024-45496|https://access.redhat.com/security/cve/CVE-2024-45496]

blocks

OCPBUGS-55470 [build] Ensure Git Clone Does Not Run Privileged

Release Pending

is cloned by

OCPBUGS-55470 [build] Ensure Git Clone Does Not Run Privileged

Release Pending

links to

openshift/origin#29686: OCPBUGS-42044: [build] Ensure Git Clone Does Not Run Privileged

RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update

Assignee:: Prabhakar Palepu

Reporter:: Adam Kaplan

QA Contact:: Kunal Memane

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/09/16 6:47 PM

Updated:: 2025/06/17 4:57 PM

Resolved:: 2025/06/17 4:57 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates