CVE-2024-1725 - Vulnerability Details

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Openshift Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone Openshift Container Platform For Power

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.13
openshift4/kubevirt-csi-driver-rhel8:v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:2047	2024-05-02T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/kubevirt-csi-driver-rhel8:v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:1891	2024-04-26T00:00:00Z
Red Hat OpenShift Container Platform 4.15
openshift4/kubevirt-csi-driver-rhel8:v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2024:1559	2024-04-02T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:1559
https://access.redhat.com/errata/RHSA-2024:1891
https://access.redhat.com/errata/RHSA-2024:2047
https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398
https://nvd.nist.gov/vuln/detail/CVE-2024-1725
https://www.cve.org/CVERecord?id=CVE-2024-1725

History

Wed, 26 Mar 2025 05:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

Tue, 11 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Container Platform Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::*
Vendors & Products		Redhat openshift Container Platform Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power

Wed, 06 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-03-07T20:09:11.616Z

Updated: 2025-03-26T04:52:26.156Z

Reserved: 2024-02-21T20:27:59.807Z

Link: CVE-2024-1725

Vulnrichment

Updated: 2024-08-01T18:48:21.831Z

NVD

Status : Modified

Published: 2024-03-07T20:15:50.690

Modified: 2025-03-26T05:15:40.107

Link: CVE-2024-1725

Redhat

Severity : Important

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2024-1725 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object