Upstream information

CVE-2024-3154 at MITRE

Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1223339 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • grype >= 0.80.1-1.1
  • grype-bash-completion >= 0.80.1-1.1
  • grype-fish-completion >= 0.80.1-1.1
  • grype-zsh-completion >= 0.80.1-1.1
Patchnames:
openSUSE-Tumbleweed-2024-14334


SUSE Timeline for this CVE

CVE page created: Tue Apr 23 14:00:26 2024
CVE page last modified: Fri Sep 13 00:48:39 2024