CVE-2024-8676

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 285

Summary

CVE-2024-8676 is a vulnerability affecting CRI-O, an open-source container runtime for Kubernetes. The issue stems from a lack of validation during container restoration. When CRI-O restores a container, it incorrectly assumes that the mounts specified in the pod spec for the new container are the same as those in the restored archive. This oversight allows a malicious user with access to the kubelet or CRI-O socket to trigger the restoration of a pod without the necessary access to host mounts, potentially leading to unintended container behavior or security breaches.
