CVE-2024-9675
published 2024-10-09

Medium 4.4 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Affected

48 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | golang-github-containers-buildah | < golang-github-containers-buildah 1.37.4+ds1-1 (forky) | golang-github-containers-buildah 1.37.4+ds1-1 (forky) |
| github.com | containers_buildah | >= 0 < 1.38.0 | 1.38.0 |
| github.com | containers_buildah | >= 0 < 1.37.1 | 1.37.1 |
| msrc | azl3_libcontainers-common_20240213-3_on_azure_linux_3.0 | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_for_arm_64 | | |
| redhat | enterprise_linux_for_arm_64 | | |
| redhat | enterprise_linux_for_arm_64_eus | | |
| redhat | enterprise_linux_for_arm_64_eus | | |
| redhat | enterprise_linux_for_arm_64_eus | | |
| redhat | enterprise_linux_for_arm_64_eus | | |
| redhat | enterprise_linux_for_ibm_z_systems | | |
| redhat | enterprise_linux_for_ibm_z_systems | | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | | |
| redhat | enterprise_linux_for_power_little_endian | | |
| redhat | enterprise_linux_for_power_little_endian | | |
| redhat | enterprise_linux_for_power_little_endian_eus | | |

CVSS provenance

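| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| osv | | 4.4 | MEDIUM | |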