#VU98828 Path traversal in buildah - CVE-2024-9675

 


Published: October 21, 2024 / Updated: October 22, 2024


Vulnerability identifier: #VU98828
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-9675
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: buildah
Software vendor: Container Projects

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Containerfile to mount an arbitrary directory from the host into the container, as long as those files can be accessed by the user running Buildah.
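
A static check for the pattern described above, as an added example (not code from this advisory or from the Buildah project): it scans a Containerfile for 'RUN --mount=type=cache' options whose value contains a '..' path component, so such build files can be flagged before they are built. The option names checked and the sample Containerfile are assumptions, since the advisory does not name the affected option.

```python
import re

# Cache-mount options that carry a path or cache key. Assumption: the advisory
# does not name the affected option, so all of them are checked.
PATH_OPTIONS = {"id", "source", "src", "target", "dst", "destination"}

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf, start = "", None
    if buf:
        yield start, buf.strip()

def has_traversal(value):
    """True when any path component of the value is exactly '..'."""
    return ".." in re.split(r"[\\/]", value.strip("'\""))

def find_suspicious_cache_mounts(containerfile_text):
    """Return (line, option, value) for cache mounts with '..' components."""
    findings = []
    for no, instr in logical_lines(containerfile_text):
        if not re.match(r"RUN\s", instr, re.IGNORECASE):
            continue
        for spec in re.findall(r"--mount=(\S+)", instr):
            opts = dict(kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
            if opts.get("type") != "cache":
                continue
            for key in sorted(PATH_OPTIONS & opts.keys()):
                if has_traversal(opts[key]):
                    findings.append((no, key, opts[key]))
    return findings

# Constructed sample input, not taken from the advisory.
SAMPLE = """\
FROM registry.example/base:latest
RUN --mount=type=cache,id=pkgcache,target=/var/cache/pkg \\
    make deps
RUN --mount=type=cache,id=../../outside,target=/mnt/cache ls /mnt/cache
RUN --mount=type=bind,source=../ctx,target=/ctx true
"""
```

Calling find_suspicious_cache_mounts(SAMPLE) reports only the cache mount on line 4; the bind mount on line 5 is outside the scope of this advisory and is not flagged.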


Remediation

Install the update from the vendor's website.
