exploitDog

CVE-2024-11218

Published: 20 Jan 2025
Source: redhat
CVSS3: 8.6

Description

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Report

This vulnerability is marked as important severity rather than moderate because it allows a malicious Containerfile to exploit the --mount flag in RUN instructions to interact directly with the build host's filesystem. By leveraging this, an attacker can gain unauthorized access to sensitive files or inject malicious content using the privileges of the build process. In environments where the build process is executed by a root-owned Podman system service exposed to unprivileged users, the impact escalates to a high level, as it enables unauthorized read/write access to high-privilege files, such as setuid executables.

Mitigation

Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag.

Additional information

Status:

Important
Weakness:
CWE-269
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile

8.6 High

CVSS3

Related vulnerabilities

CVSS3: 8.6
ubuntu
5 months ago

A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CVSS3: 8.6
nvd
5 months ago

A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CVSS3: 8.6
debian
5 months ago

A vulnerability was found in `podman build` and `buildah`. This issue ...

suse-cvrf
4 months ago

Security update for podman

suse-cvrf
5 months ago

Security update for buildah