Red Hat OpenShift Container Platform CRI-O Path Traversal Vulnerability Allowing Arbitrary Unmounting
Vulnerability
A path traversal vulnerability has been identified in CRI-O's log management functions, specifically UnMountPodLogs and LinkContainerLogs. This issue allows an attacker with the ability to create and delete Pods to unmount arbitrary host paths. The exploitation of this vulnerability could lead to a node-level denial-of-service by unmounting critical system directories.
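To make the root cause concrete, the following added example (not CRI-O's code; the `<root>/<namespace>/<name>/<uid>` layout and the function names are assumptions for illustration) contrasts a log-directory builder that trusts pod metadata with one that confines the result to the log root before anything is unmounted.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Assumed layout for this example: <root>/<namespace>/<name>/<uid>.
// Illustrative only; not taken from CRI-O's sources.
const podLogRoot = "/var/log/pods"

var errEscapesRoot = errors.New("pod log directory escapes the log root")

// naivePodLogDir trusts every component. A traversal sequence in one of
// them is collapsed by Join, so the result can point anywhere on the host.
func naivePodLogDir(root, namespace, name, uid string) string {
	return filepath.Join(root, namespace, name, uid)
}

// safePodLogDir rejects components that are empty, contain a separator, or are
// "." / "..", then verifies the cleaned result still lies strictly below root.
func safePodLogDir(root, namespace, name, uid string) (string, error) {
	for _, part := range []string{namespace, name, uid} {
		if part == "" || part == "." || part == ".." || strings.ContainsAny(part, `/\`) {
			return "", fmt.Errorf("invalid path component %q", part)
		}
	}
	dir := filepath.Join(root, namespace, name, uid)
	rel, err := filepath.Rel(filepath.Clean(root), dir)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesRoot
	}
	return dir, nil
}

func main() {
	// Constructed inputs: a well-formed pod and one whose UID carries a traversal sequence.
	fmt.Println(naivePodLogDir(podLogRoot, "default", "web", "0123-abcd"))
	fmt.Println(naivePodLogDir(podLogRoot, "default", "web", "../../../../../etc")) // resolves to /etc
	_, err := safePodLogDir(podLogRoot, "default", "web", "../../../../../etc")
	fmt.Println(err) // the hardened builder refuses the path, so no unmount is attempted
}
```

The check matters because unmount operates on whatever path it is handed; confining the path before the call, rather than trusting the caller, is what closes this class of bug.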
Impact
Exploitation of this vulnerability can cause a denial-of-service on the node by unmounting essential system directories, potentially disrupting normal operations and causing system instability.
Remediation
Users of Red Hat OpenShift Container Platform 4.17 are advised to upgrade to version 4.17.16, where this vulnerability has been addressed. Instructions for upgrading a cluster are available in the OpenShift documentation.