CVE-2024-9675
Buildah: buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
buildahRed Hat · OpenShift Developer Tools and ServicesRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat OpenShift Container Platform 4.12Red Hat · Red Hat OpenShift Container Platform 4.13Red Hat · Red Hat OpenShift Container Platform 4.14Red Hat · Red Hat OpenShift Container Platform 4.15Red Hat · Red Hat OpenShift Container Platform 4.16Red Hat · Red Hat OpenShift Container Platform 4.17Red Hat · Red Hat OpenShift Container Platform 4.18Red Hat · Red Hat Quay 3Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2024:8563https://access.redhat.com/errata/RHSA-2024:8675https://access.redhat.com/errata/RHSA-2024:8679https://access.redhat.com/errata/RHSA-2024:8686https://access.redhat.com/errata/RHSA-2024:8690https://access.redhat.com/errata/RHSA-2024:8700https://access.redhat.com/errata/RHSA-2024:8703https://access.redhat.com/errata/RHSA-2024:8707https://access.redhat.com/errata/RHSA-2024:8708https://access.redhat.com/errata/RHSA-2024:8709https://access.redhat.com/errata/RHSA-2024:8846https://access.redhat.com/errata/RHSA-2024:8984