CVE-2024-9675

MEDIUM EPSS 31.0%

Published Oct 9, 20241y ago · Modified Jun 25, 20265d ago

4.4 CVSS 3.1

Medium

Published Oct 9, 2024 1y ago

Last Modified Jun 25, 2026 5d ago

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

CVSS Details

Base Score

4.4

Exploitability

1.8

Impact

2.5

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

31.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 45

Vendor	Product	Version	Range
buildah_project	buildah	*	any
redhat	openshift_container_platform	4.13	any
redhat	openshift_container_platform	4.14	any
redhat	openshift_container_platform	4.15	any
redhat	openshift_container_platform	4.16	any
redhat	openshift_container_platform	4.17	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux_eus	8.8	any
redhat	enterprise_linux_eus	9.0	any
redhat	enterprise_linux_eus	9.2	any
redhat	enterprise_linux_eus	9.4	any
redhat	enterprise_linux_for_arm_64	8.0_aarch64	any
redhat	enterprise_linux_for_arm_64	9.0_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	9.0_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	any
redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	any
redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	9.0_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	any
redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	any
redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	8.8_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	9.0_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	any
redhat	enterprise_linux_server_aus	8.6	any
redhat	enterprise_linux_server_aus	9.2	any
redhat	enterprise_linux_server_aus	9.4	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	any
redhat	enterprise_linux_server_tus	8.6	any
redhat	enterprise_linux_server_tus	8.8	any
redhat	enterprise_linux_update_services_for_sap_solutions	8.6	any
redhat	enterprise_linux_update_services_for_sap_solutions	8.8	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.0	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.2	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.4	any

References 25

access.redhat.com https://access.redhat.com/errata/RHSA-2024:8563

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8675

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8679

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8686

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8690

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8700

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8703

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8707

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8708

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8709

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8846

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8984

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:8994

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:9051

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:9454

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2024:9459

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2445

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2449

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2454

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2701

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2710

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:3301

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:3573

Third Party Advisory
access.redhat.com https://access.redhat.com/security/cve/CVE-2024-9675

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2317458

Issue Tracking

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.