CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Configurations

Configuration 1

cpe:2.3:a:containers:common:*:*:*:*:*:go:*:*

Configuration 2

Any of the following (OR):
  • cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

26 Nov 2024, 19:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:10147

22 Nov 2024, 19:34

Type | Values Removed | Values Added
CPE | (none) | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
CPE | (none) | cpe:2.3:a:containers:common:*:*:*:*:*:go:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
CPE | (none) | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
First Time | (none) | Redhat enterprise Linux
First Time | (none) | Containers
First Time | (none) | Containers common
First Time | (none) | Redhat openshift Container Platform
First Time | (none) | Redhat
References | https://access.redhat.com/errata/RHSA-2024:7925 (untagged) | https://access.redhat.com/errata/RHSA-2024:7925 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8039 (untagged) | https://access.redhat.com/errata/RHSA-2024:8039 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8112 (untagged) | https://access.redhat.com/errata/RHSA-2024:8112 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8238 (untagged) | https://access.redhat.com/errata/RHSA-2024:8238 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8263 (untagged) | https://access.redhat.com/errata/RHSA-2024:8263 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8428 (untagged) | https://access.redhat.com/errata/RHSA-2024:8428 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8690 (untagged) | https://access.redhat.com/errata/RHSA-2024:8690 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8694 (untagged) | https://access.redhat.com/errata/RHSA-2024:8694 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:8846 (untagged) | https://access.redhat.com/errata/RHSA-2024:8846 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:9454 (untagged) | https://access.redhat.com/errata/RHSA-2024:9454 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2024:9459 (untagged) | https://access.redhat.com/errata/RHSA-2024:9459 - Third Party Advisory
References | https://access.redhat.com/security/cve/CVE-2024-9341 (untagged) | https://access.redhat.com/security/cve/CVE-2024-9341 - Third Party Advisory
References | https://bugzilla.redhat.com/show_bug.cgi?id=2315691 (untagged) | https://bugzilla.redhat.com/show_bug.cgi?id=2315691 - Issue Tracking, Third Party Advisory
References | https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169 (untagged) | https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169 - Product
References | https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349 (untagged) | https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349 - Product

12 Nov 2024, 18:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:9454
References | (none) | https://access.redhat.com/errata/RHSA-2024:9459

07 Nov 2024, 08:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8694

06 Nov 2024, 20:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8690

05 Nov 2024, 08:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8846

31 Oct 2024, 05:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8428

24 Oct 2024, 17:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8263

23 Oct 2024, 23:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8238

16 Oct 2024, 01:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:7925

15 Oct 2024, 19:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8112

14 Oct 2024, 15:15

Type | Values Removed | Values Added
References | (none) | https://access.redhat.com/errata/RHSA-2024:8039

04 Oct 2024, 13:51

Type | Values Removed | Values Added
Summary (es) | (none) | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

01 Oct 2024, 19:15

Type | Values Removed | Values Added
New CVE | (none) | (none)

Information

Published : 2024-10-01 19:15

Updated : 2024-11-26 19:15
NVD link : CVE-2024-9341

Mitre link : CVE-2024-9341

CVE.ORG link : CVE-2024-9341

Products Affected

redhat

  • openshift_container_platform
  • enterprise_linux

containers

  • common

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')