CVE-2024-3154 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-3154 at MITRE

Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1223339 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`grype >= 0.80.1-1.1` `grype-bash-completion >= 0.80.1-1.1` `grype-fish-completion >= 0.80.1-1.1` `grype-zsh-completion >= 0.80.1-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14334

SUSE Timeline for this CVE

CVE page created: Tue Apr 23 14:00:26 2024
CVE page last modified: Fri Sep 13 00:48:39 2024