
Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified cache paths lie within the cache directory, allowing a `RUN` instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container, as long as the user running Buildah can access those files.
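The missing check the description refers to is a containment test on the resolved mount source. The following Go snippet is an added example of such a check (it is not Buildah's own code); it assumes an absolute cache root, follows symlinks in the longest existing prefix of the requested path so a symlink planted inside the cache cannot redirect the mount, and treats an absolute source as relative to the cache root:

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var errOutsideCache = errors.New("cache mount source escapes the cache directory")
// insideRoot reports whether path equals root or lies lexically beneath it.
func insideRoot(root, path string) bool {
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, "../")
}

// resolveExistingPrefix follows symlinks in the longest existing prefix of p and re-appends the missing tail.
func resolveExistingPrefix(p string) (string, error) {
	tail := ""
	for {
		resolved, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(resolved, tail), nil
		}
		parent := filepath.Dir(p)
		if !os.IsNotExist(err) || parent == p {
			return "", err
		}
		tail, p = filepath.Join(filepath.Base(p), tail), parent
	}
}
// resolveCacheMountSource maps a user-supplied cache mount source onto a directory
// under cacheRoot and refuses anything that resolves outside it. Assumption (not
// Buildah's code): an absolute source is anchored under the cache root by Join.
func resolveCacheMountSource(cacheRoot, source string) (string, error) {
	root, err := filepath.Abs(cacheRoot)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(root, source) // Join cleans "..": "../etc" -> "/etc"
	realRoot, err1 := resolveExistingPrefix(root)
	realCandidate, err2 := resolveExistingPrefix(candidate)
	if err1 != nil || err2 != nil {
		return "", errors.Join(err1, err2)
	}
	if !insideRoot(root, candidate) || !insideRoot(realRoot, realCandidate) {
		return "", errOutsideCache
	}
	return realCandidate, nil
}
```

Both the lexical check and the check after symlink resolution are needed: the first catches `..` segments in the request, the second catches a symlink already present under the cache directory.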

PUBLISHED Reserved 2024-10-09 | Published 2024-10-09 | Updated 2026-03-11 | Assigner redhat

HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected. Any version before 1.38.0: affected.
Default status: affected. 8100020241023085649.afee755d (rpm) before *: unaffected.
Default status: affected. 8060020241028154646.3b538bd8 (rpm) before *: unaffected.
Default status: affected. 8060020241028154646.3b538bd8 (rpm) before *: unaffected.
Default status: affected. 8060020241028154646.3b538bd8 (rpm) before *: unaffected.
Default status: affected. 8080020241025064551.0f77c1b7 (rpm) before *: unaffected.
Default status: affected. 2:1.33.10-1.el9_4 (rpm) before *: unaffected.
Default status: affected. 4:4.9.4-16.el9_4 (rpm) before *: unaffected.
Default status: affected. 4:5.2.2-9.el9_5 (rpm) before *: unaffected.
Default status: affected. 2:1.37.5-1.el9_5 (rpm) before *: unaffected.
Default status: affected. 1:1.26.8-2.el9_0 (rpm) before *: unaffected.
Default status: affected. 2:4.2.0-5.el9_0.2 (rpm) before *: unaffected.
Default status: affected. 1:1.29.4-1.el9_2 (rpm) before *: unaffected.
Default status: affected. 2:4.4.1-21.el9_2 (rpm) before *: unaffected.
Default status: affected. v4.12.0-202503181728.p0.ge355452.assembly.stream.el8 (rpm) before *: unaffected.
Default status: affected. 3:4.4.1-16.rhaos4.13.el9 (rpm) before *: unaffected.
Default status: affected. v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 (rpm) before *: unaffected.
Default status: affected. 3:4.4.1-21.rhaos4.14.el9 (rpm) before *: unaffected.
Default status: affected. v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 (rpm) before *: unaffected.
Default status: affected. 3:4.4.1-32.rhaos4.15.el8 (rpm) before *: unaffected.
Default status: affected. v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 (rpm) before *: unaffected.
Default status: affected. 4:4.9.4-14.rhaos4.16.el9 (rpm) before *: unaffected.
Default status: affected. v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 (rpm) before *: unaffected.
Default status: affected. 5:5.2.2-1.rhaos4.17.el8 (rpm) before *: unaffected.
Default status: affected. v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9 (rpm) before *: unaffected.
Default status: affected. v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9 (rpm) before *: unaffected.
Default status: affected.
Default status: affected.
Default status: unaffected.
Default status: unaffected.
Default status: unknown.
Default status: unaffected.
Default status: unaffected.
Default status: affected.
Default status: unaffected.
Default status: affected.

Timeline

2024-10-09: Reported to Red Hat.
2024-10-09: Made public.

Credits

Red Hat would like to thank Erik Sjölund (Upstream) for reporting this issue.

References

access.redhat.com/errata/RHSA-2024:8563 (RHSA-2024:8563) vendor-advisory

access.redhat.com/errata/RHSA-2024:8675 (RHSA-2024:8675) vendor-advisory

access.redhat.com/errata/RHSA-2024:8679 (RHSA-2024:8679) vendor-advisory

access.redhat.com/errata/RHSA-2024:8686 (RHSA-2024:8686) vendor-advisory

access.redhat.com/errata/RHSA-2024:8690 (RHSA-2024:8690) vendor-advisory

access.redhat.com/errata/RHSA-2024:8700 (RHSA-2024:8700) vendor-advisory

access.redhat.com/errata/RHSA-2024:8703 (RHSA-2024:8703) vendor-advisory

access.redhat.com/errata/RHSA-2024:8707 (RHSA-2024:8707) vendor-advisory

access.redhat.com/errata/RHSA-2024:8708 (RHSA-2024:8708) vendor-advisory

access.redhat.com/errata/RHSA-2024:8709 (RHSA-2024:8709) vendor-advisory

access.redhat.com/errata/RHSA-2024:8846 (RHSA-2024:8846) vendor-advisory

access.redhat.com/errata/RHSA-2024:8984 (RHSA-2024:8984) vendor-advisory

access.redhat.com/errata/RHSA-2024:8994 (RHSA-2024:8994) vendor-advisory

access.redhat.com/errata/RHSA-2024:9051 (RHSA-2024:9051) vendor-advisory

access.redhat.com/errata/RHSA-2024:9454 (RHSA-2024:9454) vendor-advisory

access.redhat.com/errata/RHSA-2024:9459 (RHSA-2024:9459) vendor-advisory

access.redhat.com/errata/RHSA-2025:2445 (RHSA-2025:2445) vendor-advisory

access.redhat.com/errata/RHSA-2025:2449 (RHSA-2025:2449) vendor-advisory

access.redhat.com/errata/RHSA-2025:2454 (RHSA-2025:2454) vendor-advisory

access.redhat.com/errata/RHSA-2025:2701 (RHSA-2025:2701) vendor-advisory

access.redhat.com/errata/RHSA-2025:2710 (RHSA-2025:2710) vendor-advisory

access.redhat.com/errata/RHSA-2025:3301 (RHSA-2025:3301) vendor-advisory

access.redhat.com/errata/RHSA-2025:3573 (RHSA-2025:3573) vendor-advisory

access.redhat.com/security/cve/CVE-2024-9675 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2317458 (RHBZ#2317458) issue-tracking

cve.org (CVE-2024-9675)

nvd.nist.gov (CVE-2024-9675)
