CVE-2024-1753
Published: Mar 18, 2024
Modified: Mar 4, 2026
CVSS v3.1
8.6
Description
A flaw was found in Buildah (and therefore in Podman build, which uses Buildah's build engine) that lets a build mount arbitrary locations on the host filesystem into the build container. A malicious Containerfile can name a dummy image containing a symbolic link to the root filesystem as the bind-mount source for a RUN step; when the mount is set up, the host root filesystem is mounted inside the RUN step's container. The commands in that RUN step then have read-write access to the host filesystem, a full container escape at build time. Building an untrusted Containerfile on an unpatched host is sufficient for compromise; no privileges beyond the ability to run the build are needed.
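The mount the description refers to is Buildah's build-time `RUN --mount=type=bind,from=<image>,source=<path>,target=<path>` feature, where `from` names another image or build stage and `source` is a path inside it. A reviewer triaging Containerfiles on a shared builder wants to see every such mount, because the image named in `from` is where a hostile symlink would live. The script below is an added example, not Buildah or Podman code; it lists those mounts from a constructed sample Containerfile and separates mounts from stages defined in the same file from mounts of external images, which are opaque to the reviewer. The assumption that an omitted `source` means the image root, and that an omitted `type` means `bind`, is noted in the code.

```python
"""Triage helper for CVE-2024-1753: list RUN steps that bind-mount content
from another image or build stage.

The flaw is reached through Buildah's RUN --mount=type=bind,from=<image>
feature: if the mount source inside <image> is a symlink to /, an unpatched
Buildah bind-mounts the host root into the build container. Listing these
mounts lets a reviewer check the referenced images before the Containerfile
is built on a shared builder. Added example; not Buildah's own code.
"""
import re

# One --mount=<opts> flag on a RUN line; <opts> is a comma-separated k=v list.
MOUNT_FLAG = re.compile(r"--mount=(\S+)")
# FROM [--flag ...] <image> AS <stage>
STAGE_DECL = re.compile(r"\s*FROM\s+(?:--\S+\s+)*\S+\s+AS\s+(\S+)", re.IGNORECASE)
RUN_LINE = re.compile(r"\s*RUN\b", re.IGNORECASE)


def join_continuations(text: str) -> list[str]:
    """Collapse backslash-newline continuations so each instruction is one line.
    Returned indices are therefore instruction positions, not file line numbers."""
    return re.sub(r"\\\n", " ", text).splitlines()


def parse_mount(flag: str) -> dict[str, str]:
    """'type=bind,from=x,source=/a,target=/b' -> {'type': 'bind', 'from': 'x', ...}"""
    opts = {}
    for item in flag.split(","):
        key, _, value = item.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def find_image_mounts(containerfile: str) -> list[dict]:
    """Return every bind mount whose 'from' names an image or stage.

    Mounts without 'from' bind the build context, not another image, and are
    skipped. A missing 'type' is treated as bind (conservative assumption).
    """
    lines = join_continuations(containerfile)
    stages = {m.group(1).lower() for m in map(STAGE_DECL.match, lines) if m}
    findings = []
    for idx, line in enumerate(lines, 1):
        if not RUN_LINE.match(line):
            continue
        for flag in MOUNT_FLAG.findall(line):
            opts = parse_mount(flag)
            if opts.get("type", "bind") != "bind" or "from" not in opts:
                continue
            src = opts["from"]
            findings.append({
                "instruction": idx,
                "from": src,
                # When source is omitted the image root is mounted (assumed default).
                "source": opts.get("source", "/"),
                "target": opts.get("target", ""),
                # A stage is defined in this file; an external image is opaque
                # to the reviewer and is the higher-risk case.
                "is_stage": src.lower() in stages,
            })
    return findings


def external_image_mounts(containerfile: str) -> list[dict]:
    """Only the mounts whose source image is not a stage of this Containerfile."""
    return [f for f in find_image_mounts(containerfile) if not f["is_stage"]]


# Constructed sample Containerfile (not from the advisory).
SAMPLE = """\
FROM registry.example/tools:1 AS tools
FROM registry.example/base:1
RUN --mount=type=bind,from=tools,source=/usr/local/bin,target=/tools \\
    /tools/setup.sh
RUN --mount=type=bind,from=registry.example/vendor-blob:2,source=/payload,target=/mnt \\
    cp -r /mnt/. /opt/
RUN --mount=type=cache,target=/var/cache/dnf dnf install -y make
RUN --mount=type=bind,source=.,target=/src make -C /src
"""

if __name__ == "__main__":
    for f in find_image_mounts(SAMPLE):
        kind = "stage" if f["is_stage"] else "EXTERNAL IMAGE"
        print(f"instruction {f['instruction']}: from={f['from']} ({kind}) "
              f"source={f['source']} target={f['target']}")
```

On the sample, the cache mount and the build-context bind mount are ignored; the two `from=` mounts are reported, and only the one sourced from `registry.example/vendor-blob:2` is listed by `external_image_mounts`. The scan is a triage aid, not a fix: a stage built in the same file can also create a symlink in a RUN step, so the real remedy is a patched Buildah/Podman on the builder.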
| Vendor | Product | Versions |
|---|---|---|
| Unknown | buildah | affected: 4.15.0 |
| Red Hat | Red Hat Enterprise Linux 8 | unaffected: 8090020240413110917.d7b6f4b7 and later |
| Red Hat | Red Hat Enterprise Linux 8 | unaffected: 8090020240417184044.e7857ab1 and later |
| Red Hat | Red Hat Enterprise Linux 8 | unaffected: 8100020240419145834.afee755d and later |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | unaffected: 8060020240422155330.3b538bd8 and later |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | unaffected: 8060020240419071711.2e213529 and later |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | unaffected: 8080020240422101606.0f77c1b7 and later |
| Red Hat | Red Hat Enterprise Linux 9 | unaffected: 1:1.31.5-1.el9_3 and later |
| Red Hat | Red Hat Enterprise Linux 9 | unaffected: 4:4.9.4-3.el9_4 and later |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | unaffected: 1:1.26.7-1.el9_0 and later |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | unaffected: 2:4.2.0-3.el9_0 and later |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | unaffected: 1:1.29.3-1.el9_2 and later |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | unaffected: 2:4.4.1-16.el9_2 and later |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | unaffected: 3:4.4.1-3.2.rhaos4.12.el8 and later |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected: 3:4.4.1-6.3.rhaos4.13.el9 and later |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected: 3:4.4.1-8.3.rhaos4.13.el9 and later |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected: 3:4.4.1-13.4.rhaos4.14.el8 and later |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected: 3:4.4.1-23.2.rhaos4.15.el8 and later |
| Red Hat | Red Hat Enterprise Linux 7 | All versions |
| Red Hat | Red Hat OpenShift Container Platform 3.11 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: Required (UI:R)
Scope: Changed (S:C)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)
User Interaction is Required because a user (or a CI system acting for one) must build the attacker's Containerfile; Scope is Changed because the impact lands on the host rather than staying within the build container.
References