Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-42044

[build] Ensure Git Clone Does Not Run Privileged

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      With the disclosure and patch of CVE-2024-45496, we must ensure that future versions of OpenShift do not allow the git clone container to run privileged. Git has fundamental weaknesses which allow a potential attacker with "edit" permissions to execute arbitrary commands.

      Version-Release number of selected component (if applicable):

      4.18

      How reproducible:

      Always

      Steps to Reproduce:

      N/A

      Actual results:

      N/A

      Expected results:

      N/A

      Additional info:

      See [CVE-2024-45496|https://access.redhat.com/security/cve/CVE-2024-45496]

              rhn-support-ppalepu Prabhakar Palepu
              adkaplan@redhat.com Adam Kaplan
              None
              None
              Kunal Memane Kunal Memane
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: