CVE: CVE-2024-9675

Descrizione: A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Vettore di attacco CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Riferimenti esterni

• https://access.redhat.com/errata/RHSA-2024:8563
• https://access.redhat.com/errata/RHSA-2024:8675
• https://access.redhat.com/errata/RHSA-2024:8679
• https://access.redhat.com/errata/RHSA-2024:8686
• https://access.redhat.com/errata/RHSA-2024:8690
• https://access.redhat.com/errata/RHSA-2024:8700
• https://access.redhat.com/errata/RHSA-2024:8703
• https://access.redhat.com/errata/RHSA-2024:8707
• https://access.redhat.com/errata/RHSA-2024:8708
• https://access.redhat.com/errata/RHSA-2024:8709
• https://access.redhat.com/errata/RHSA-2024:8846
• https://access.redhat.com/errata/RHSA-2024:8984
• https://access.redhat.com/errata/RHSA-2024:8994
• https://access.redhat.com/errata/RHSA-2024:9051
• https://access.redhat.com/errata/RHSA-2024:9454
• https://access.redhat.com/errata/RHSA-2024:9459
• https://access.redhat.com/errata/RHSA-2025:2445
• https://access.redhat.com/errata/RHSA-2025:2449
• https://access.redhat.com/errata/RHSA-2025:2454
• https://access.redhat.com/errata/RHSA-2025:2701
• https://access.redhat.com/errata/RHSA-2025:2710
• https://access.redhat.com/security/cve/CVE-2024-9675
• https://bugzilla.redhat.com/show_bug.cgi?id=2317458

Prodotti interessati

• Sconosciuto – Sconosciuto
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
• Red Hat – Red Hat Enterprise Linux 8.6 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.16
• Red Hat – Red Hat OpenShift Container Platform 4.17
• Red Hat – Red Hat OpenShift Container Platform 4.17
• Red Hat – Red Hat OpenShift Container Platform 4.18
• Red Hat – OpenShift Developer Tools and Services
• Red Hat – OpenShift Developer Tools and Services
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat Quay 3

Relazioni con altri prodotti

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.8 Extended Update Support
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.13
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.14
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.2 Extended Update Support
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.0 Extended Update Support
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Quay 3
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.18
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.15
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.16
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.17
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Produttore:Red Hat
Prodotto: OpenShift Developer Tools and Services
Anno: 2024
CWE: CWE-22
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2024)