Dockerfile Run --mount Vulnerability: Arbitrary File Modification
CVE-2024-9407

4.7 MEDIUM

What is CVE-2024-9407?

A security issue has been identified in the bind-propagation option utilized within the Dockerfile RUN --mount instruction. The vulnerability arises from inadequate validation of inputs supplied to this option, enabling users to introduce arbitrary parameters. This may lead to the unintended mounting of sensitive directories from the host system into a container during the build process. Moreover, it can result in the alteration of the contents of these mounted files. Importantly, this vulnerability has the potential to circumvent SELinux protections, as it allows the source directory to be relabeled, thus granting containers access to host files.
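As a defensive check for the input-validation gap described above, this added example (not part of the original advisory or of any affected project's code) lints a Dockerfile for `RUN --mount` options whose `bind-propagation` value is not a recognised propagation mode. The function names, the sample Dockerfile and the assumption that only the six standard Linux propagation modes are legitimate are choices made for this example.

```python
import re

# Assumption: only the six standard Linux bind-propagation modes are legitimate.
ALLOWED_PROPAGATION = {"shared", "slave", "private", "rshared", "rslave", "rprivate"}
MOUNT_FLAG = re.compile(r"--mount=(\S+)")

def join_continuations(text):
    """Merge backslash-continued lines; keep the line number where each starts."""
    logical, buf, start = [], "", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = lineno
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]          # drop the backslash, keep the rest
            continue
        logical.append((start, buf + stripped))
        buf, start = "", None
    if buf:                               # file ended on a continuation
        logical.append((start, buf))
    return logical

def audit_dockerfile(text):
    """Return (line, value, reason) for every bind-propagation value that
    is not in the allowlist, including empty or missing values."""
    findings = []
    for lineno, line in join_continuations(text):
        if not line.lstrip().upper().startswith("RUN "):
            continue
        for spec in MOUNT_FLAG.findall(line):
            for field in spec.split(","):
                key, _, value = field.partition("=")
                if key == "bind-propagation" and value not in ALLOWED_PROPAGATION:
                    findings.append((lineno, value, "not a known propagation mode"))
    return findings

# Constructed sample input: the image name and the bad value are placeholders.
SAMPLE = "\n".join([
    "FROM registry.example/base:1",
    "RUN --mount=type=bind,source=.,target=/src,bind-propagation=rprivate make",
    "RUN --mount=type=bind,source=.,target=/src,bind-propagation=CONSTRUCTED-BAD-VALUE \\",
    "    make",
])

if __name__ == "__main__":
    for lineno, value, reason in audit_dockerfile(SAMPLE):
        print(f"line {lineno}: bind-propagation={value!r}: {reason}")
```

Running such a check in CI before untrusted Dockerfiles reach a build host rejects unexpected option values at review time instead of relying on the build tool to validate them.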

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
