This advisory covers security fixes in Red Hat OpenShift Container Platform 4.16.13, including a path traversal vulnerability (CVE-2024-7387) in the openshift/builder component that enables command injection in privileged BuildContainers using the docker build strategy. It also addresses an elevation of privilege vulnerability (CVE-2024-45496) in the openshift-controller-manager where elevated Build Pods can lead to node compromise. Additionally, it fixes an issue in jose-go (CVE-2024-28180) related to improper handling of highly compressed data. The advisory provides updated container images for multiple architectures and instructs users to upgrade their clusters accordingly. No CVSS scores are provided in the advisory; users should refer to the linked CVE pages for detailed severity ratings.

Successful exploitation of CVE-2024-7387 could allow an attacker to perform command injection via path traversal in privileged BuildContainers, potentially leading to unauthorized code execution. CVE-2024-45496 could allow elevated Build Pods to compromise the underlying node, increasing the risk of full node takeover. CVE-2024-28180 involves improper handling of compressed data, which may lead to denial of service or other impacts depending on the context. These vulnerabilities affect Red Hat OpenShift Container Platform 4.16 deployments and could compromise cluster security if unpatched.

Red Hat has released OpenShift Container Platform 4.16.13 with updated container images and packages that address these vulnerabilities. Users should upgrade their OpenShift clusters to version 4.16.13 using the official upgrade documentation and tools such as the OpenShift CLI (oc) or web console. The vendor advisory confirms this update as the official fix. No alternative mitigations or temporary workarounds are indicated. Users should verify the availability of updates in their release channels and apply them promptly to mitigate these issues.