Description
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
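The flaw described above is a missing input check on the bind-propagation value of a RUN --mount instruction. As an added illustration, not code from the advisory or from buildah/podman, the Go snippet below is a small Dockerfile lint check that flags RUN lines whose bind-propagation value falls outside a strict allowlist; the allowlist, the function name CheckRunMount and the sample lines are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed allowlist of bind-propagation values that a hardened parser would
// accept for --mount=type=bind; anything else is treated as a finding.
var allowedPropagation = map[string]bool{
	"shared": true, "rshared": true, "slave": true, "rslave": true,
	"private": true, "rprivate": true,
}

// CheckRunMount inspects one Dockerfile RUN line and returns one finding per
// bind-propagation value that is not in the allowlist. Non-RUN lines and
// lines without --mount yield no findings.
func CheckRunMount(line string) []string {
	var findings []string
	fields := strings.Fields(line)
	if len(fields) == 0 || strings.ToUpper(fields[0]) != "RUN" {
		return nil
	}
	for _, f := range fields[1:] {
		if !strings.HasPrefix(f, "--mount=") {
			continue
		}
		// --mount options are comma-separated key=value pairs.
		for _, kv := range strings.Split(strings.TrimPrefix(f, "--mount="), ",") {
			key, val, _ := strings.Cut(kv, "=")
			if key != "bind-propagation" {
				continue
			}
			if !allowedPropagation[val] {
				findings = append(findings, fmt.Sprintf("bind-propagation value %q is not in the allowlist", val))
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample Dockerfile lines, not taken from the advisory.
	samples := []string{
		`RUN --mount=type=bind,source=./src,target=/src,bind-propagation=rprivate make`,
		`RUN --mount=type=bind,source=./src,target=/src,bind-propagation=bogus make`,
	}
	for _, s := range samples {
		fmt.Printf("%q -> %v\n", s, CheckRunMount(s))
	}
}
```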
Statement
This vulnerability is classified as moderate rather than important because it requires the attacker to have build privileges on the system, which inherently limits the scope of exploitation to trusted or semi-trusted users who already have some level of access. Additionally, while the flaw allows mounting and potential modification of host files, it is confined to the build process, meaning the exploitation window is limited to when a container is being built, not during runtime.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Errata | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | buildah | Affected | ||
Red Hat Enterprise Linux 10 | podman | Affected | ||
Red Hat OpenShift Container Platform 4 | buildah | Not affected | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-docker-builder | Fix deferred | ||
Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2024:8846 | 05.11.2024 |
Red Hat Enterprise Linux 9 | podman | Fixed | RHSA-2024:9051 | 11.11.2024 |
Red Hat Enterprise Linux 9 | podman | Fixed | RHSA-2024:9454 | 12.11.2024 |
Red Hat Enterprise Linux 9 | buildah | Fixed | RHSA-2024:9459 | 12.11.2024 |
Red Hat Enterprise Linux 9.4 Extended Update Support | buildah | Fixed | RHSA-2024:9926 | 19.11.2024 |
Red Hat OpenShift Container Platform 4.16 | rhcos-416.94.202411201433 | Fixed | RHSA-2024:10147 | 26.11.2024 |
Additional information
EPSS
4.7 Medium
CVSS3