CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1559	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1891	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:2047	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-1725	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2265398	Issue Tracking
https://access.redhat.com/errata/RHSA-2024:1559	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1891	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:2047	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-1725	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2265398	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::*

History

26 Mar 2025, 05:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 6.5

11 Mar 2025, 16:55

Type	Values Removed	Values Added
First Time		Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform For Power Redhat openshift Container Platform Redhat Redhat openshift Container Platform For Ibm Z
CWE		NVD-CWE-noinfo
References	~~() https://access.redhat.com/errata/RHSA-2024:1559 -~~	() https://access.redhat.com/errata/RHSA-2024:1559 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1891 -~~	() https://access.redhat.com/errata/RHSA-2024:1891 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2047 -~~	() https://access.redhat.com/errata/RHSA-2024:2047 - Vendor Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2024-1725 -~~	() https://access.redhat.com/security/cve/CVE-2024-1725 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2265398 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2265398 - Issue Tracking
CPE		cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:::::::*

21 Nov 2024, 08:51

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2024:1559 -~~	() https://access.redhat.com/errata/RHSA-2024:1559 -
References	~~() https://access.redhat.com/errata/RHSA-2024:1891 -~~	() https://access.redhat.com/errata/RHSA-2024:1891 -
References	~~() https://access.redhat.com/errata/RHSA-2024:2047 -~~	() https://access.redhat.com/errata/RHSA-2024:2047 -
References	~~() https://access.redhat.com/security/cve/CVE-2024-1725 -~~	() https://access.redhat.com/security/cve/CVE-2024-1725 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2265398 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2265398 -

08 May 2024, 02:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2047 -

26 Apr 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1891 -

03 Apr 2024, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1559 -

07 Mar 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-07 20:15

Updated : 2025-03-26 05:15

NVD link : CVE-2024-1725

Mitre link : CVE-2024-1725

CVE.ORG link : CVE-2024-1725

JSON object : View

Products Affected

redhat

openshift_container_platform_for_arm64
openshift_container_platform_for_ibm_z
openshift_container_platform_for_power
openshift_container_platform
openshift_container_platform_for_linuxone

CWE

CWE-501

Trust Boundary Violation

NVD-CWE-noinfo

6.5 /10