Container Escape Vulnerability in Podman Build and Buildah
CVE-2024-1753
Key Information:
- CVE Published: 18 March 2024
What is CVE-2024-1753?
A flaw in Buildah and Podman allows containers to mount arbitrary locations from the host filesystem into build containers. A malicious Containerfile can exploit it by using, as the mount source, a crafted image that contains a symbolic link to the root filesystem. The host's root filesystem is then mounted inside the RUN step of the container build, giving that step full read-write access to the host filesystem while it executes. The result is a complete container escape at build time, which makes this a serious security threat.
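The symlink problem described above, as an added defensive illustration (not code from Buildah or Podman): resolving a mount source with ordinary path resolution follows an image's symlink out to the host, while resolving it confined to the image root does not. The function names and the sample directory are assumptions made for this example.

```python
import os
import tempfile

def _parts(path):
    return [p for p in path.split("/") if p not in ("", ".")]

def resolve_in_root(root, path, max_links=40):
    """Resolve path as if root were "/": symlinks are followed but cannot leave root."""
    root = os.path.realpath(root)
    current, pending, links = root, _parts(path), 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if current != root:  # ".." at the root stays at the root
                current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                current = root  # absolute target restarts at the image root
            pending = _parts(target) + pending
            continue
        current = candidate
    return current

def naive_resolve(root, path):
    """Unsafe: lets the OS follow symlinks relative to the host's real "/"."""
    return os.path.realpath(os.path.join(root, path.lstrip("/")))

def demo():
    # Constructed sample: an empty directory standing in for an unpacked image,
    # holding one symlink that points at "/".
    image_root = os.path.realpath(tempfile.mkdtemp(prefix="image-rootfs-"))
    os.symlink("/", os.path.join(image_root, "src"))
    return image_root, naive_resolve(image_root, "src"), resolve_in_root(image_root, "src")

if __name__ == "__main__":
    root, naive, confined = demo()
    print("image root:", root)
    print("naive     :", naive)
    print("confined  :", confined)
```

A build tool that binds the naive result would be binding the host path; the confined result always stays under the image root.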

News Articles
CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes
A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah
Timeline
- First article discovered by securityonline.info
- Vulnerability published
- Vulnerability Reserved
