Github.Com Containers Buildah vulnerabilities

CVE-2024-11218 [HIGH] CWE-269 Buildah allows build breakout using malicious Containerfiles and concurrent builds Buildah allows build breakout using malicious Containerfiles and concurrent builds ### Impact With careful use of the `--mount` flag in RUN instructions in Containerfiles, and by using either multi-stage builds with use of concurrently-executing build stages (e.g., using the `--jobs` CLI flag) or multiple separate but concurrently-executing builds, a malicious Containerfile can be us

CVE-2024-9675 [MEDIUM] CWE-22 Buildah allows arbitrary directory mount Buildah allows arbitrary directory mount A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

CVE-2024-9407 [MEDIUM] CWE-20 Improper Input Validation in Buildah and Podman Improper Input Validation in Buildah and Podman A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases,

CVE-2024-1753 [HIGH] CWE-22 Container escape at build time Container escape at build time ### Impact _What kind of vulnerability is it? Who is impacted?_ Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. ### Patches From @nalind ``` # cat /root/cve-2024-1753.diff --- internal/volumes/volumes.go +++ internal/volumes/volumes.go @@ -11,6 +11,7 @@

CVE-2022-2990 [HIGH] CWE-842 Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access

CVE-2022-27651 [MEDIUM] CWE-276 Non-empty default inheritable capabilities for linux container in Buildah Non-empty default inheritable capabilities for linux container in Buildah A bug was found in Buildah where containers were created with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container sec

CVE-2021-3602 [MEDIUM] CWE-200 Buildah processes using chroot isolation may leak environment values to intermediate processes Buildah processes using chroot isolation may leak environment values to intermediate processes ### Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes (CVE-2021-3602). This isolation type is often used when running `buildah` in unprivileged containers, and it

CVE-2020-10696 [HIGH] CWE-22 Path Traversal in Buildah Path Traversal in Buildah A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. ### Specific Go Packages Affected github.com/containers/buildah/imagebuildah