8.2
CVE-2024-9341
- EPSS 0.97%
- Veröffentlicht 01.10.2024 19:15:09
- Zuletzt bearbeitet 11.12.2024 04:15:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Containers ≫ Common SwPlatformgo
Redhat ≫ Openshift Container Platform Version4.12
Redhat ≫ Openshift Container Platform Version4.13
Redhat ≫ Openshift Container Platform Version4.14
Redhat ≫ Openshift Container Platform Version4.15
Redhat ≫ Openshift Container Platform Version4.16
Redhat ≫ Openshift Container Platform Version4.17
Redhat ≫ Enterprise Linux Version8.0 SwEdition-
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.576 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
| secalert@redhat.com | 5.4 | 1.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
https://access.redhat.com/errata/RHSA-2024:10818
https://access.redhat.com/errata/RHSA-2024:10147
https://access.redhat.com/errata/RHSA-2024:7925
https://access.redhat.com/errata/RHSA-2024:8039
https://access.redhat.com/errata/RHSA-2024:8112
https://access.redhat.com/errata/RHSA-2024:8238
https://access.redhat.com/errata/RHSA-2024:8263
https://access.redhat.com/errata/RHSA-2024:8428
https://access.redhat.com/errata/RHSA-2024:8690
https://access.redhat.com/errata/RHSA-2024:8694
https://access.redhat.com/errata/RHSA-2024:8846
https://access.redhat.com/errata/RHSA-2024:9454
https://access.redhat.com/errata/RHSA-2024:9459
https://access.redhat.com/security/cve/CVE-2024-9341
https://bugzilla.redhat.com/show_bug.cgi?id=2315691
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349