CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-25133: Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation

Description

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.

Classification

CVE ID: CVE-2024-25133

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.56% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2260372
https://github.com/openshift/hive/pull/2306

Timeline

2025-01-01 00:30:19 UTC
CVE

Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation
2025-01-02 13:15:21 UTC
Github Advisory Database (Go)

[github.com/openshift/hive] OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation