CVE-2024-9675

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

CVSS Metrics

• v4.0•MEDIUM•Score: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Trends

Current EPSS score: 0.14%• Percentile: 34%

Techniques & Countermeasures

• CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Affected Systems

• buildah_project•buildah

  na

• github.com/containers•buildah

  < 1.38.0 | < 1.37.1

• redhat•enterprise_linux

  8.0 | 9.0

• redhat•enterprise_linux_eus

  8.8 | 9.0 | 9.2 | 9.4

• redhat•enterprise_linux_for_arm_64

  8.0_aarch64 | 9.0_aarch64

• redhat•enterprise_linux_for_arm_64_eus

  8.8_aarch64 | 9.0_aarch64 | 9.2_aarch64 | 9.4_aarch64

• redhat•enterprise_linux_for_ibm_z_systems

  8.0_s390x | 9.0_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus

  8.8_s390x | 9.0_s390x | 9.2_s390x | 9.4_s390x

• redhat•enterprise_linux_for_power_little_endian

  8.0_ppc64le | 9.0_ppc64le

• redhat•enterprise_linux_for_power_little_endian_eus

  8.8_ppc64le | 9.0_ppc64le | 9.2_ppc64le | 9.4_ppc64le

• redhat•enterprise_linux_server_aus

  8.6 | 9.2 | 9.4

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  8.6_ppc64le | 8.8_ppc64le | 9.0_ppc64le | 9.2_ppc64le | 9.4_ppc64le

• redhat•enterprise_linux_server_tus

  8.6 | 8.8

• redhat•enterprise_linux_update_services_for_sap_solutions

  8.6 | 8.8 | 9.0 | 9.2 | 9.4

• redhat•openshift_container_platform

  4.13 | 4.14 | 4.15 | 4.16 | 4.17

References (30)

• https://access.redhat.com/errata/RHSA-2024:8563
• https://access.redhat.com/errata/RHSA-2024:8675
• https://access.redhat.com/errata/RHSA-2024:8679
• https://access.redhat.com/errata/RHSA-2024:8686
• https://access.redhat.com/errata/RHSA-2024:8690
• https://access.redhat.com/errata/RHSA-2024:8700
• https://access.redhat.com/errata/RHSA-2024:8703
• https://access.redhat.com/errata/RHSA-2024:8707
• https://access.redhat.com/errata/RHSA-2024:8708
• https://access.redhat.com/errata/RHSA-2024:8709
• https://access.redhat.com/errata/RHSA-2024:8846
• https://access.redhat.com/errata/RHSA-2024:8984
• https://access.redhat.com/errata/RHSA-2024:8994
• https://access.redhat.com/errata/RHSA-2024:9051
• https://access.redhat.com/errata/RHSA-2024:9454
• https://access.redhat.com/errata/RHSA-2024:9459
• https://access.redhat.com/errata/RHSA-2025:2445
• https://access.redhat.com/errata/RHSA-2025:2449
• https://access.redhat.com/errata/RHSA-2025:2454
• https://access.redhat.com/errata/RHSA-2025:2701
• https://access.redhat.com/errata/RHSA-2025:2710
• https://access.redhat.com/errata/RHSA-2025:3301
• https://access.redhat.com/errata/RHSA-2025:3573
• https://access.redhat.com/security/cve/CVE-2024-9675
• https://bugzilla.redhat.com/show_bug.cgi?id=2317458
• https://nvd.nist.gov/vuln/detail/CVE-2024-9675
• https://github.com/containers/buildah/commit/aa67e5d71ee7ec07122a210baa3b13966a9e086c
• https://pkg.go.dev/vuln/GO-2024-3186
• https://github.com/containers/buildah
• https://github.com/advisories/GHSA-586p-749j-fhwp