{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T04:34:48.458","vulnerabilities":[{"cve":{"id":"CVE-2024-3154","sourceIdentifier":"secalert@redhat.com","published":"2024-04-26T04:15:09.217","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."},{"lang":"es","value":"Se encontró una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotación Pod. Cualquier usuario que pueda crear un pod con una anotación arbitraria puede realizar una acción arbitraria en el sistema host."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:2669","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2672","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2784","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3496","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-3154","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272532","source":"secalert@redhat.com"},{"url":"https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j","source":"secalert@redhat.com"},{"url":"https://github.com/opencontainers/runc/pull/4217","source":"secalert@redhat.com"},{"url":"https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2669","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2672","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2784","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:3496","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2024-3154","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272532","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/opencontainers/runc/pull/4217","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}