CVE-2024-25131: Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation

Description

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.

Classification

CVE ID: CVE-2024-25131

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 38.18% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2024-25131
https://bugzilla.redhat.com/show_bug.cgi?id=2258856
https://github.com/openshift/must-gather-operator/pull/135
https://github.com/openshift/must-gather-operator/pull/138

Timeline

2024-12-20 00:32:53 UTC
CVE

Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation