7.8

CVE-2024-9675

Buildah: buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Buildah ProjectBuildah Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.0
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux For Arm 64 Version8.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.307
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://access.redhat.com/errata/RHSA-2024:8690
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8846
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9459
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9051
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8563
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8675
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8679
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8686
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8700
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8703
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8707
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8708
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8709
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8984
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8994
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-9675
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317458
Issue Tracking
https://access.redhat.com/errata/RHSA-2025:2449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2445
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2701
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2710
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3301
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3573
Third Party Advisory