Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-11218

Опубликовано: 20 янв. 2025
Источник: redhat
CVSS3: 8.6
EPSS Низкий

Описание

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Отчет

This vulnerability marked as important severity rather than moderate because it allows a malicious Containerfile to exploit the --mount flag in RUN instructions to directly interact with the build host's filesystem. By leveraging this, an attacker can gain unauthorized access to sensitive files or inject malicious content using the privileges of the build process. In environments where the build process is executed by a root-owned Podman system service exposed to unprivileged users, this vulnerability escalates to a high level, as it enables unauthorized read/write access to high-privilege files, such as setuid executables.

Меры по смягчению последствий

Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10buildahNot affected
Red Hat Enterprise Linux 10podmanAffected
Red Hat Enterprise Linux 8container-toolsFixedRHSA-2025:137213.02.2025
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportcontainer-toolsFixedRHSA-2025:120710.02.2025
Red Hat Enterprise Linux 8.6 Telecommunications Update Servicecontainer-toolsFixedRHSA-2025:120710.02.2025
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionscontainer-toolsFixedRHSA-2025:120710.02.2025
Red Hat Enterprise Linux 8.8 Extended Update Supportcontainer-toolsFixedRHSA-2025:127511.02.2025
Red Hat Enterprise Linux 9podmanFixedRHSA-2025:092204.02.2025
Red Hat Enterprise Linux 9buildahFixedRHSA-2025:092304.02.2025
Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionspodmanFixedRHSA-2025:118610.02.2025

Показывать по

Дополнительная информация

Статус:

Important
Дефект:
CWE-269
https://bugzilla.redhat.com/show_bug.cgi?id=2326231podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile

EPSS

Процентиль: 11%
0.0004
Низкий

8.6 High

CVSS3

Связанные уязвимости

CVSS3: 8.6
ubuntu
7 месяцев назад

A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CVSS3: 8.6
nvd
7 месяцев назад

A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CVSS3: 8.6
debian
7 месяцев назад

A vulnerability was found in `podman build` and `buildah.` This issue ...

suse-cvrf
6 месяцев назад

Security update for podman

suse-cvrf
6 месяцев назад

Security update for buildah

EPSS

Процентиль: 11%
0.0004
Низкий

8.6 High

CVSS3