Multiple vulnerabilities in buildah
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-9407 CVE-2024-9341 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
buildah Client/Desktop applications / Software for system administration |
| Vendor | Container Projects |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU98140
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9407
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files.
Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
MitigationInstall updates from vendor's website.
Vulnerable software versionsbuildah: 1.37.0 - 1.37.3
CPE2.3- cpe:2.3:a:containers:buildah:1.37.3:*:*:*:*:*:*:*
- cpe:2.3:a:containers:buildah:1.37.2:*:*:*:*:*:*:*
- cpe:2.3:a:containers:buildah:1.37.1:*:*:*:*:*:*:*
http://bugzilla.redhat.com/show_bug.cgi?id=2315887
http://github.com/advisories/GHSA-fhqq-8f65-5xfc
http://github.com/containers/buildah/releases/tag/v1.37.4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU98141
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9341
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container.
MitigationInstall updates from vendor's website.
Vulnerable software versionsbuildah: 1.37.0 - 1.37.3
CPE2.3- cpe:2.3:a:containers:buildah:1.37.3:*:*:*:*:*:*:*
- cpe:2.3:a:containers:buildah:1.37.2:*:*:*:*:*:*:*
- cpe:2.3:a:containers:buildah:1.37.1:*:*:*:*:*:*:*
http://bugzilla.redhat.com/show_bug.cgi?id=2315691
http://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169
http://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
