OpenShift Security Update Advisory (CVE-2024-7387, CVE-2024-45496)

Overview

An update has been released to address vulnerabilities in OpenShift. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-7387

OpenShift/builder

 

CVE-2024-45496

OpenShift

 

Resolved Vulnerabilities

 

Vulnerability in OpenShift/builder that could allow a malicious user to execute arbitrary commands on an OpenShift node running a builder container (CVE-2024-7387)

Elevation of privilege vulnerability in the build process in OpenShift that could allow a developer to execute arbitrary commands on a worker node via a maliciously crafted .gitconfig file (CVE-2024-45496)

 

Vulnerability Patches

 

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-7387, CVE-2024-45496

OpenShift Container Platform version: 4.13.50

 

 

References

[1] CVE-2024-7387 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7387

[2] CVE-2024-45496 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45496

[3] OpenShift Container Platform 4.13 release notes

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html