CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:8846
https://access.redhat.com/errata/RHSA-2024:9051
https://access.redhat.com/errata/RHSA-2024:9454
https://access.redhat.com/errata/RHSA-2024:9459
https://access.redhat.com/security/cve/CVE-2024-9407
https://bugzilla.redhat.com/show_bug.cgi?id=2315887

Configurations

No configuration.

History

12 Nov 2024, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:9454 - () https://access.redhat.com/errata/RHSA-2024:9459 -

11 Nov 2024, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:9051 -

05 Nov 2024, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8846 -

04 Oct 2024, 13:50

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en la opción bind-propagation de la instrucción RUN --mount de Dockerfile. El sistema no valida correctamente la entrada que se pasa a esta opción, lo que permite a los usuarios pasar parámetros arbitrarios a la instrucción mount. Este problema se puede aprovechar para montar directorios confidenciales del host en un contenedor durante el proceso de compilación y, en algunos casos, modificar el contenido de esos archivos montados. Incluso si se utiliza SELinux, esta vulnerabilidad puede eludir su protección al permitir que se vuelva a etiquetar el directorio de origen para dar al contenedor acceso a los archivos del host.

01 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-01 21:15

Updated : 2024-11-12 18:15

NVD link : CVE-2024-9407

Mitre link : CVE-2024-9407

CVE.ORG link : CVE-2024-9407

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

4.7 /10