Container Escape Vulnerability in Podman Build and Buildah
CVE-2024-1753
Summary
A flaw in Buildah and Podman allows a container build to mount arbitrary locations of the host filesystem into the build container. It is triggered by a malicious Containerfile that uses a crafted image as the source of a mount: the image contains a symbolic link pointing at the root filesystem, so resolving the mount source follows the link out of the image. As a result, the host's root filesystem can be mounted inside a RUN step of the build, giving that step full read-write access to the host while it executes. This amounts to a complete container escape at build time, so affected systems should be patched promptly.
Affected Version(s)
Red Hat Enterprise Linux 8 8090020240413110917.d7b6f4b7
Red Hat Enterprise Linux 8 8090020240417184044.e7857ab1
Red Hat Enterprise Linux 8.6 Extended Update Support 8060020240422155330.3b538bd8
News Articles
CVE-2024-1753: Podman/Buildah Vulnerability Allows Container Escapes
A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah
Timeline
First article discovered by securityonline.info
Vulnerability published
Vulnerability Reserved