CVE-2024-1753

Published: 18/03/2024 Updated: 01/05/2024

Vulnerability Summary

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
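The class of check that the summary implies, written here as an added Go example (it is not Buildah's code and not its actual fix): resolve a requested mount source inside the image root and refuse it when symbolic links carry the result outside that root. The names `checkMountSource`, `buildSampleRoot` and `ErrEscapesRoot` are hypothetical, and the image root is a constructed temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesRoot = errors.New("mount source resolves outside image root")

// checkMountSource (hypothetical) resolves src under root and rejects results that symlinks move outside root.
func checkMountSource(root, src string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	// Anchor src at root: a leading "/" or "../" cannot climb above it lexically.
	candidate := filepath.Join(realRoot, filepath.Clean("/"+src))
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(realRoot, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q -> %q", ErrEscapesRoot, src, resolved)
	}
	return resolved, nil
}

// buildSampleRoot creates a constructed image root whose "link" entry is a symlink to the host's "/".
func buildSampleRoot() (string, error) {
	root, err := os.MkdirTemp("", "image-root")
	if err != nil {
		return "", err
	}
	return root, os.Symlink("/", filepath.Join(root, "link"))
}

func main() {
	root, err := buildSampleRoot()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_, err = checkMountSource(root, "/link")
	fmt.Println(err)
}
```

A check followed by a separate mount call is still exposed to a race if the source tree can change in between; the example shows only the resolution rule.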

Vendor Advisories

Debian Bug report logs - #1067800 golang-github-containers-buildah: CVE-2024-1753 Package: src:golang-github-containers-buildah; Maintainer for src:golang-github-containers-buildah is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 26 Mar 2024 ...