Buildah: buildah allows arbitrary directory mount

CVE-2024-9675

7.8 HIGH

Key Information

Vendor: Red Hat
Status:
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  • Red Hat Enterprise Linux 8.6 Telecommunications Update Service
  • Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions
CVE Published: 9 October 2024

Summary

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within the cache directory, allowing a RUN instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container, as long as those files can be accessed by the user running Buildah.
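As an added illustration of the containment check the summary describes as missing (example code written for this page, not Buildah's own fix, whose actual logic is not shown here), the following Go function confines a user-specified cache mount source to the cache directory, neutralising "../" sequences and absolute paths lexically and rejecting a symlink inside the cache that points elsewhere on the host. The names `ResolveCacheSource`, `evalExistingPrefix` and `ErrEscapesCacheDir` are assumptions of this example.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesCacheDir = errors.New("cache mount source escapes the cache directory")

// ResolveCacheSource maps a user-supplied cache mount source, taken as
// relative to cacheDir, to an absolute path and rejects anything that
// leaves cacheDir. Cleaning the source as a rooted path neutralises "../"
// lexically; resolving symlinks on the existing prefix catches a link
// inside the cache directory that points elsewhere on the host.
func ResolveCacheSource(cacheDir, source string) (string, error) {
	base, err := filepath.EvalSymlinks(cacheDir) // canonical cache dir
	if err != nil {
		return "", err
	}
	// Clean("/"+source) cannot climb above "/", so the join stays under base.
	candidate := filepath.Join(base, filepath.Clean("/"+source))
	resolved, err := evalExistingPrefix(candidate)
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(base, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesCacheDir
	}
	return candidate, nil
}

// evalExistingPrefix resolves symlinks in the longest existing prefix of p
// (the mount source may not exist yet) and re-appends the remainder.
func evalExistingPrefix(p string) (string, error) {
	rest := ""
	for {
		r, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(r, rest), nil
		}
		if !os.IsNotExist(err) {
			return "", err
		}
		rest = filepath.Join(filepath.Base(p), rest)
		p = filepath.Dir(p)
	}
}
```

A lexical check alone would accept `link/secret` when `link` is a symlink out of the cache; the symlink resolution step is what closes that case.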

Affected Version(s)

Red Hat Enterprise Linux 8 <= 8100020241023085649.afee755d

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support <= 8060020241028154646.3b538bd8

Red Hat Enterprise Linux 8.6 Telecommunications Update Service <= 8060020241028154646.3b538bd8

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

  • NVD Database
  • Mitre Database