Container Escape Vulnerability in Podman Build and Buildah
CVE-2024-1753
Key Information:
- CVE Published: 18 March 2024
What is CVE-2024-1753?
A flaw in Buildah and Podman allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a deceptive image containing a symbolic link to the root filesystem as the mount source. The mount operation then mounts the host's root filesystem inside the RUN step of the container build, and the commands in that RUN step have full read-write access to the host filesystem. The result is a complete container escape at build time, a serious security risk that requires immediate attention.
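A defensive check for the condition described above, as an added Go example (not Buildah's or Podman's own code): it resolves a requested mount source inside an image root and rejects it when symbolic links carry the result outside that root. The names `checkedMountSource` and `buildSampleRoot` and the `data`/`hostroot` layout are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// checkedMountSource (hypothetical helper) resolves src below imageRoot,
// following symlinks, and refuses any result that is not inside imageRoot.
func checkedMountSource(imageRoot, src string) (string, error) {
	root, err := filepath.EvalSymlinks(imageRoot)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, src))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("mount source %q escapes image root: resolves to %q", src, resolved)
	}
	return resolved, nil
}

// buildSampleRoot makes a constructed image root: data/ is a directory, hostroot is a symlink to "/".
func buildSampleRoot() (string, error) {
	root, err := os.MkdirTemp("", "imgroot")
	if err != nil {
		return "", err
	}
	if err := os.Mkdir(filepath.Join(root, "data"), 0o755); err != nil {
		return "", err
	}
	return root, os.Symlink("/", filepath.Join(root, "hostroot"))
}

func main() {
	root, err := buildSampleRoot()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	for _, src := range []string{"data", "hostroot", "hostroot/etc"} {
		fmt.Println(checkedMountSource(root, src))
	}
}
```

A check followed by a later mount by path still leaves a window in which the image contents could change, so the resolved path should be used immediately and the image root should not be writable by the build in between.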
News Articles

CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes
A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah