Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Published

2024-10-09T15:15:17.837

Last Modified

2025-04-10T22:15:16.910

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	buildah_project	buildah	-	Yes
Application	redhat	openshift_container_platform	4.13	Yes
Application	redhat	openshift_container_platform	4.14	Yes
Application	redhat	openshift_container_platform	4.15	Yes
Application	redhat	openshift_container_platform	4.16	Yes
Application	redhat	openshift_container_platform	4.17	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux_eus	8.8	Yes
Operating System	redhat	enterprise_linux_eus	9.0	Yes
Operating System	redhat	enterprise_linux_eus	9.2	Yes
Operating System	redhat	enterprise_linux_eus	9.4	Yes
Operating System	redhat	enterprise_linux_for_arm_64	8.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.8_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_aus	8.6	Yes
Operating System	redhat	enterprise_linux_server_aus	9.2	Yes
Operating System	redhat	enterprise_linux_server_aus	9.4	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_tus	8.6	Yes
Operating System	redhat	enterprise_linux_server_tus	8.8	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	8.6	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	8.8	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.0	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.2	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.4	Yes

References

https://access.redhat.com/errata/RHSA-2024:8563 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8675 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8679 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8686 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8690 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8700 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8703 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8707 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8708 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8709 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8846 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8984 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8994 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9051 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9454 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9459 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2445 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2449 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2454 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2701 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2710 ([email protected])
https://access.redhat.com/errata/RHSA-2025:3301 ([email protected])
https://access.redhat.com/errata/RHSA-2025:3573 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-9675 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2317458 Issue Tracking ([email protected])