CVE-2024-9675

Buildah: buildah allows arbitrary directory mount

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-09 CVE Reserved
2024-10-09 CVE Published
2024-12-17 EPSS Updated
2025-01-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (18)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-9675	2024-10-09
https://bugzilla.redhat.com/show_bug.cgi?id=2317458	2024-10-09
https://access.redhat.com/errata/RHSA-2024:8563	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8675	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8679	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8686	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8690	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8700	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8703	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8707	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8708	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8709	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8846	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8984	2025-01-06
https://access.redhat.com/errata/RHSA-2024:8994	2025-01-06
https://access.redhat.com/errata/RHSA-2024:9051	2025-01-06
https://access.redhat.com/errata/RHSA-2024:9454	2025-01-06
https://access.redhat.com/errata/RHSA-2024:9459	2025-01-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Buildah Project Search vendor "Buildah Project"		Buildah Search vendor "Buildah Project" for product "Buildah"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Ocp Tools Search vendor "Redhat" for product "Ocp Tools"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Quay Search vendor "Redhat" for product "Quay"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Alma Search vendor "Alma"		Linux Search vendor "Alma" for product "Linux"				*		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				*		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Eus Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Update Services For Sap Solutions"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Rocky Search vendor "Rocky"		Linux Search vendor "Rocky" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Packagehub Search vendor "Suse" for product "Packagehub"				*		-		Affected
Suse Search vendor "Suse"		Sle-module-containers Search vendor "Suse" for product "Sle-module-containers"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc Search vendor "Suse" for product "Sle Hpc"				*		-		Affected
Suse Search vendor "Suse"		Sles-ltss Search vendor "Suse" for product "Sles-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sles Search vendor "Suse" for product "Sles"				*		-		Affected
Suse Search vendor "Suse"		Sles Sap Search vendor "Suse" for product "Sles Sap"				*		-		Affected