CVE-2024-11218Improper Privilege Management in Containers Buildah

CWE-269Improper Privilege Management8 documents6 sources
Severity
8.6HIGHNVD
EPSS
0.2%
top 62.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Github.com Containers Buildah
Timeline
PublishedJan 22
Latest updateJan 28

Description

A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages1 packages

Gogithub.com/containers_buildah1.35.01.35.5+3

🔴Vulnerability Details

5
OSV
Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah2025-01-28
CVEList
Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile2025-01-22
OSV
CVE-2024-11218: A vulnerability was found in `podman build` and `buildah2025-01-22
GHSA
Buildah allows build breakout using malicious Containerfiles and concurrent builds2025-01-21
OSV
Buildah allows build breakout using malicious Containerfiles and concurrent builds2025-01-21

📋Vendor Advisories

2
Red Hat
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile2025-01-20
Debian
CVE-2024-11218: golang-github-containers-buildah - A vulnerability was found in `podman build` and `buildah.` This issue occurs in ...2024
CVE-2024-11218 — Improper Privilege Management | cvebase