CVERadar

CVE-2024-8676

Medium Severity
SVRS: 30/100
CVSSv3: 7.4/10
EPSS: 0.00125/1

CVE-2024-8676 is a security vulnerability in CRI-O that could allow a malicious user to bypass security measures. This CRI-O vulnerability involves improper mount restoration from container checkpoints. Specifically, when restoring a container, CRI-O restores mounts from the archive instead of validating them against the current pod specification.

With a CVSS score of 7.4, this vulnerability has the potential for significant impact. The SOCRadar Vulnerability Risk Score (SVRS) is 30, which suggests that although the CVSS is moderate, external factors may not currently indicate widespread exploitation or elevated risk. However, the CWE-285 classification highlights the risk of improper authorization, which, if exploited, could lead to unauthorized access to host mounts. Successful exploitation requires access to the kubelet or CRI-O socket, which limits the attack surface, but the potential consequences of bypassing security validations are significant.

Tags: In The Wild, Vendor-advisory, X_refsource_REDHAT, Issue-tracking
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2024-11-26

2025-04-03
SOCRadar AI Insight

Description

CVE-2024-8676 is a newly disclosed vulnerability with limited information available at this time. Although the CVSS score is currently 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of risk. This elevated SVRS score is due to the vulnerability being actively exploited "In The Wild," suggesting a high likelihood of malicious actors actively using it.

Key Insights

  • Limited Information: The lack of a detailed description for this CVE poses a challenge in fully understanding its technical nature and potential impact.
  • Active Exploitation: The "In The Wild" tag highlights the immediate threat posed by this vulnerability. Attackers are actively exploiting it, indicating a need for swift action.
  • SVRS Discrepancy: The SVRS score significantly exceeding the CVSS score underscores the limitations of traditional scoring systems. SOCRadar's SVRS incorporates broader intelligence sources, providing a more comprehensive and accurate assessment of risk.
  • Urgent Action Required: The combination of limited information and active exploitation necessitates immediate attention and prioritization of mitigation efforts.

Mitigation Strategies

  1. Prioritize Patching: While specific patching instructions may not be immediately available due to the lack of detailed information, prioritize patching all software and systems that could be affected by this vulnerability as new information becomes available.
  2. Implement Network Segmentation: Isolate critical systems and networks to limit the potential damage if the vulnerability is exploited. This will prevent the attacker from accessing sensitive data or spreading laterally.
  3. Enable Strong Security Controls: Ensure all necessary security controls are in place, including firewalls, intrusion detection systems, and endpoint protection.
  4. Monitor for Suspicious Activity: Closely monitor system logs, network traffic, and user behavior for signs of potential exploitation. This proactive monitoring is crucial for early detection and response.

Additional Information: If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8676 | Red Hat Enterprise Linux/OpenShift Container Platform cri-o improper authorization
vuldb.com, 2024-12-18
A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been rated as critical. This issue affects some unknown processing of the component cri-o. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2024-8676. The attack may be initiated remotely

Social Media

1️⃣ #OpenShift Risk: A high severity flaw in #CRI-O allows attackers to bypass #mount access validations in versions before 1.29.11, from 1.30.0 to 1.30.8, and 1.31.0 to 1.31.3. Update to 1.29.11, 1.30.8, or 1.31.3+ to secure your platform (Reference: CVE-2024-8676).
CVE-2024-8676 A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoratio… https://t.co/0dIIoYX2Bt

Affected Software

No affected software found for this CVE

References

  • RHBA-2024:10826: https://access.redhat.com/errata/RHBA-2024:10826
  • RHSA-2025:0648: https://access.redhat.com/errata/RHSA-2025:0648
  • RHSA-2025:1908: https://access.redhat.com/errata/RHSA-2025:1908
  • RHSA-2025:3297: https://access.redhat.com/errata/RHSA-2025:3297
  • RHBZ#2313842: https://bugzilla.redhat.com/show_bug.cgi?id=2313842
  • https://access.redhat.com/security/cve/CVE-2024-8676

CWE Details

CWE ID | CWE Name | Description
CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
