A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
References
Configurations
No configuration.
History
26 Nov 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
24 Nov 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-59 |
21 Nov 2024, 08:51
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | () https://access.redhat.com/errata/RHSA-2024:2049 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2055 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2064 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2066 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2077 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2084 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2089 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2090 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2097 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2098 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2548 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2645 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2669 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2672 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2784 - | |
References | () https://access.redhat.com/errata/RHSA-2024:2877 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3254 - | |
References | () https://access.redhat.com/security/cve/CVE-2024-1753 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2265513 - | |
References | () https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf - | |
References | () https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3 - | |
16 Sep 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
24 May 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
16 May 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 May 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 May 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 May 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 May 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
30 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
26 Apr 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
03 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
27 Mar 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
References | | |
18 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. |
18 Mar 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A flaw was found in Buildah (and subsequently Podman Build)which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. |
18 Mar 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-18 15:15
Updated : 2024-11-26 20:15
NVD link : CVE-2024-1753
Mitre link : CVE-2024-1753
CVE.ORG link : CVE-2024-1753
Products Affected
No product.
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')