Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-9675

Опубликовано: 09 окт. 2024
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Developer Tools and Servicesocp-tools-4/jenkins-agent-base-rhel8Will not fix
OpenShift Developer Tools and Servicesocp-tools-4/jenkins-rhel8Will not fix
Red Hat Enterprise Linux 10buildahNot affected
Red Hat Enterprise Linux 10podmanNot affected
Red Hat Enterprise Linux 7skopeoOut of support scope
Red Hat Enterprise Linux 9conmonNot affected
Red Hat OpenShift Container Platform 4buildahNot affected
Red Hat OpenShift Container Platform 4conmonAffected
Red Hat OpenShift Container Platform 4cri-oNot affected
Red Hat Quay 3quay/quay-builder-rhel8Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=2317458buildah: Buildah allows arbitrary directory mount

EPSS

Процентиль: 21%
0.00066
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-9675

CVSS3: 7.8
ubuntu
8 месяцев назад

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

nvd логотип

CVE-2024-9675

CVSS3: 7.8
nvd
8 месяцев назад

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

debian логотип

CVE-2024-9675

CVSS3: 7.8
debian
8 месяцев назад

A vulnerability was found in Buildah. Cache mounts do not properly val ...

suse-cvrf логотип

SUSE-SU-2024:3728-1

suse-cvrf
8 месяцев назад

Security update for buildah

redos логотип

ROS-20241029-07

CVSS3: 4.4
redos
8 месяцев назад

Уязвимость buildah

EPSS

Процентиль: 21%
0.00066
Низкий

7.8 High

CVSS3