CodeReady Workspaces Privilege Escalation

MEDIUM (5.2) No Patch (12 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

CodeReady Workspaces is a browser-based development environment from Red Hat that runs each developer workspace as a set of containers on OpenShift. According to the summary, the flaw lets an attacker execute arbitrary commands inside an affected container and potentially gain full root privileges within it, along with access to any data that container can reach. The summary does not say what access an attacker needs to trigger it, so treat anyone who can run code in a workspace container as a possible starting point.

Am I affected?

You're affected if you use CodeReady Workspaces version 1.3.0 or earlier. To check, look at the tags of the CodeReady Workspaces container images your OpenShift deployment is actually running (the pod specs in the project where it is installed) and compare them against 1.3.0. Listing /etc/passwd tells you nothing about the installed version.

The flaw is in the container images shipped with CodeReady Workspaces, which runs on Red Hat's OpenShift Container Platform, rather than in the CodeReady Workspaces application code itself. If you don't recognize the name "CodeReady Workspaces", you're probably not affected.

Version info: Not specified in the advisory.
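Added example (not from the advisory or from Red Hat): a POSIX shell snippet that compares a version tag against 1.3.0, the affected cutoff stated above, and flags the CodeReady Workspaces images running in an OpenShift project. The project name "workspaces", the use of image tags as version markers, and the "codeready" substring used to pick out the relevant images are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's tooling. Assumptions: CodeReady Workspaces
# is deployed in the OpenShift project "workspaces", its images carry the
# product version as the tag, and `oc` is already logged in.

# Compare two dotted version strings numerically and print -1, 0 or 1.
# A leading "v" and any suffix such as "-2" or ".GA" are ignored, and
# missing components are treated as 0 (so "1.3" equals "1.3.0").
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    sub(/^v/, "", a); sub(/^v/, "", b)
    sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i in x) ? x[i] + 0 : 0
      yi = (i in y) ? y[i] + 0 : 0
      if (xi < yi) { print -1; exit }
      if (xi > yi) { print 1; exit }
    }
    print 0
  }'
}

# Affected range from this page: 1.3.0 or earlier. Returns 0 (true) when
# the given version is inside that range.
is_affected() {
  [ "$(vercmp "$1" 1.3.0)" -le 0 ]
}

# List every container image running in the project, keep the ones whose
# name contains "codeready" (an assumption about the image naming), and
# report whether their tag is in the affected range. Images referenced by
# digest carry no tag, so they are reported as unknown rather than guessed.
check_running_images() {
  ns="${1:-workspaces}"
  oc get pods -n "$ns" \
     -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' \
    | tr ' ' '\n' | sort -u | while read -r image; do
      case "$image" in
        *codeready*) ;;
        *) continue ;;
      esac
      case "$image" in
        *@sha256:*) echo "unknown   $image (digest reference, check the tag manually)"; continue ;;
      esac
      tag="${image##*:}"
      if is_affected "$tag"; then
        echo "AFFECTED  $image"
      else
        echo "ok        $image"
      fi
    done
}

# Usage: sh check-crw.sh scan [project]
if [ "${1:-}" = "scan" ]; then
  check_running_images "${2:-workspaces}"
fi
```

The awk comparison is deliberately tolerant of build suffixes because image tags often carry them; if your tags use a different scheme, adjust the substitution rather than trusting a string compare.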

Affected Products

Red Hat / CodeReady Workspaces

How to fix

To fix this vulnerability, upgrade to CodeReady Workspaces version 1.3.1 or later from the Red Hat Customer Portal (https://access.redhat.com/products/Red-Hat-OpenShift/).

Immediate mitigations:
- Restrict network access to your CodeReady Workspaces instance (firewall it from the public internet)
- Audit workspace container logs and process lists for unexpected commands or for processes running as root (UID 0)
- Monitor for unauthorized changes to system configuration
- Make sure workspace pods run under a restricted security context (no privileged containers, no anyuid-style exceptions), so root inside a container does not translate into root on the node