Количество 45
Количество 45
GHSA-wq2p-5pc6-wpgf
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
BDU:2024-09457
Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильным ограничением имени пути к ограниченному каталогу, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2024-10289
ELSA-2024-10289: container-tools:ol8 security update (MODERATE)
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly val ...
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfil ...
SUSE-SU-2024:3728-1
Security update for buildah
ROS-20241029-07
Уязвимость buildah
RLSA-2024:8563
Important: buildah security update
GHSA-586p-749j-fhwp
Buildah allows arbitrary directory mount
ELSA-2024-8563
ELSA-2024-8563: buildah security update (IMPORTANT)
BDU:2024-09320
Уязвимость инструмента управления контейнерными образами Buildah, существующая из-за неверного ограничения имени пути к каталогу с ограниченным доступом, позволяющая нарушителю пользователю повысить привилегии в системе
ROS-20241029-12
Уязвимость buildah
ROS-20241029-05
Уязвимость podman
GHSA-fhqq-8f65-5xfc
Improper Input Validation in Buildah and Podman
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wq2p-5pc6-wpgf A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | CVSS3: 6.5 | 2% Низкий | 8 месяцев назад |
 | BDU:2024-09457 Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильным ограничением имени пути к ограниченному каталогу, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 2% Низкий | 8 месяцев назад |
| ELSA-2024-10289 ELSA-2024-10289: container-tools:ol8 security update (MODERATE) | 7 месяцев назад | ||
 | CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
| CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly val ... | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
| CVE-2024-9407 A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | CVSS3: 4.7 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9407 A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | CVSS3: 4.7 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9407 A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | CVSS3: 4.7 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9407 A vulnerability exists in the bind-propagation option of the Dockerfil ... | CVSS3: 4.7 | 0% Низкий | 9 месяцев назад |
 | SUSE-SU-2024:3728-1 Security update for buildah | 0% Низкий | 8 месяцев назад | |
 | ROS-20241029-07 Уязвимость buildah | CVSS3: 4.4 | 0% Низкий | 8 месяцев назад |
 | RLSA-2024:8563 Important: buildah security update | 0% Низкий | 7 месяцев назад | |
| GHSA-586p-749j-fhwp Buildah allows arbitrary directory mount | CVSS3: 4.4 | 0% Низкий | 8 месяцев назад |
| ELSA-2024-8563 ELSA-2024-8563: buildah security update (IMPORTANT) | 8 месяцев назад | ||
| BDU:2024-09320 Уязвимость инструмента управления контейнерными образами Buildah, существующая из-за неверного ограничения имени пути к каталогу с ограниченным доступом, позволяющая нарушителю пользователю повысить привилегии в системе | CVSS3: 4.4 | 0% Низкий | 8 месяцев назад |
| ROS-20241029-12 Уязвимость buildah | CVSS3: 4.7 | 0% Низкий | 8 месяцев назад |
| ROS-20241029-05 Уязвимость podman | CVSS3: 4.7 | 0% Низкий | 8 месяцев назад |
| GHSA-fhqq-8f65-5xfc Improper Input Validation in Buildah and Podman | CVSS3: 4.7 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу