CVE-2024-9675

Summary

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Affected Software

VendorProductVersion RangeStatus
0 < 1.38.0affected
Red HatRed Hat Enterprise Linux 88100020241023085649.afee755d < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020241028154646.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020241028154646.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020241028154646.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020241025064551.0f77c1b7 < *unaffected
Red HatRed Hat Enterprise Linux 92:1.33.10-1.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 94:4.9.4-16.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 94:5.2.2-9.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 92:1.37.5-1.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support1:1.26.8-2.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support2:4.2.0-5.el9_0.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support1:1.29.4-1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support2:4.4.1-21.el9_2 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.12v4.12.0-202503181728.p0.ge355452.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.133:4.4.1-15.rhaos4.13.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.143:4.4.1-21.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.153:4.4.1-32.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.164:4.9.4-12.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.175:5.2.2-1.rhaos4.17.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9 < *unaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References