CVE-2024-3177

ADVISORY - github

Summary

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

EPSS Score⁠: 0.06726 (0.909)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2024-3177⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

2.7low

GitHub

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-pxhw-596r-rwq5⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

2.7low

Debian

CREATED

2 years ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-3177⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-3177⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDGO-2024-2746⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2024-3177

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-20⁠CWE-937⁠

CVSS SCORE

2.7low

Red Hat

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2024-3177⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-213⁠

CVSS SCORE

2.7low

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-39fp-xxr7-25jp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-3q6x-c3gh-55x3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

CGA-3v3x-h7hr-25p5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-43gv-rqm6-7fm3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-44cg-9qwh-5264

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-767g-rmq9-3jvc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-8cmx-27fq-6v47

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-96gj-3g36-x5m6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-97x5-8j2r-2r82

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-c37q-j2w2-r3w9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-c9xm-wf8m-c3mj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-cgxh-fg6g-34hx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-cxpg-v8r4-j4gw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-fr64-wrxq-478h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-hf9x-fxv8-4wr7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-hw42-8fhx-75fw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-jmp7-5xmq-hff3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-p62c-2jp8-x7m5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-p9hq-3pg9-v942

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-pfpf-4wv6-93mh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-pwhh-73hw-3gqj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-q7jx-wm99-8xvr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-q8h2-c7v4-4h8q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-qcw5-c7xj-rqp8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-qfhv-m284-gpvr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-qpcc-xf8c-cm2p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-r5g8-36g8-8c5v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-r99h-p46j-5922

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-rrj8-p3g2-2952

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-v7vw-h5w2-c4qw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-w35x-g394-476j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-w426-f3h4-gj3x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-x3mq-wpqg-h6mr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-xg52-c7jp-qwqr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-xhww-27h2-x2vh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

CGA-xrx8-f8fj-vmgw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY ID

CVE-2024-3177

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

2.7low

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-jggh-27w4-pg48

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2024-3177

Summary

Common Weakness Enumeration (CWE)

CWE-20⁠

CWE-20⁠

CWE-1035⁠

CWE-20⁠

CWE-937⁠

CWE-213⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

GoLang

GitLab

CVSS SCORE

Red Hat

CVSS SCORE

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Photon

CVSS SCORE

minimos