CVE-2024-9675

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2317458

https://access.redhat.com/security/cve/CVE-2024-9675

https://access.redhat.com/errata/RHSA-2024:9459

https://access.redhat.com/errata/RHSA-2024:9454

https://access.redhat.com/errata/RHSA-2024:9051

https://access.redhat.com/errata/RHSA-2024:8984

https://access.redhat.com/errata/RHSA-2024:8846

https://access.redhat.com/errata/RHSA-2024:8709

https://access.redhat.com/errata/RHSA-2024:8708

https://access.redhat.com/errata/RHSA-2024:8707

https://access.redhat.com/errata/RHSA-2024:8703

https://access.redhat.com/errata/RHSA-2024:8700

https://access.redhat.com/errata/RHSA-2024:8690

https://access.redhat.com/errata/RHSA-2024:8686

https://access.redhat.com/errata/RHSA-2024:8679

https://access.redhat.com/errata/RHSA-2024:8675

https://access.redhat.com/errata/RHSA-2024:8563

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3