PT-2024-7820 · Buildah+9

Published: 2024-10-09 · Updated: 2025-08-25 · CVE-2024-9675

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Buildah (affected versions not specified)

Description

Buildah is vulnerable to improper limitation of a pathname to a restricted directory. Cache mounts do not properly validate user-specified paths for the cache, so a RUN instruction in a Containerfile can mount an arbitrary directory from the host into the container. This allows an attacker to elevate privileges on the system. The attacker can access any file that is accessible to the user running Buildah.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2024:8563
ALSA-2024:8846
ALSA-2024:9051
ALSA-2024:9454
ALSA-2024:9459
ALT-PU-2024-16576
ALT-PU-2024-16578
BDU:2024-09320
CESA-2024_8846
CVE-2024-9675
GHSA-586P-749J-FHWP
GO-2024-3186
INFSA-2024_8563
INFSA-2024_8846
INFSA-2024_9051
INFSA-2024_9454
INFSA-2024_9459
OESA-2025-1053
OESA-2025-1055
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14405-1
OPENSUSE-SU-2024:14409-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3728-1
OPENSUSE-SU-2024_3741-1
OPENSUSE-SU-2024_3911-1
OPENSUSE-SU-2024_3988-1
OPENSUSE-SU-2024_4303-1
OPENSUSE-SU-2025_0267-1
OPENSUSE-SU-2025_0775-1
RHSA-2024:8563
RHSA-2024:8675
RHSA-2024:8679
RHSA-2024:8686
RHSA-2024:8690
RHSA-2024:8700
RHSA-2024:8703
RHSA-2024:8707
RHSA-2024:8708
RHSA-2024:8709
RHSA-2024:8846
RHSA-2024:8984
RHSA-2024:8994
RHSA-2024:9051
RHSA-2024:9454
RHSA-2024:9459
RHSA-2024_8563
RHSA-2024_8846
RHSA-2024_9051
RHSA-2024_9454
RHSA-2024_9459
RLSA-2024:8563
RLSA-2024:8846
RLSA-2024:9051
SUSE-SU-2024:3728-1
SUSE-SU-2024:3741-1
SUSE-SU-2024:3911-1
SUSE-SU-2024:3988-1
SUSE-SU-2024:4303-1
SUSE-SU-2024_3728-1
SUSE-SU-2025:0267-1
SUSE-SU-2025:0775-1
SUSE-SU-2025:20080-1
SUSE-SU-2025_0267-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Buildah
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE