CVE-2024-9675

Published: Oct 9, 2024

Modified: Mar 18, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Vendor	Product	Versions
Unknown	buildah	affected `0 - < 1.38.0`
Red Hat	Red Hat Enterprise Linux 8	unaffected `8100020241023085649.afee755d - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `8060020241028154646.3b538bd8 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `8060020241028154646.3b538bd8 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `8060020241028154646.3b538bd8 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `8080020241025064551.0f77c1b7 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `2:1.33.10-1.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `4:4.9.4-16.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `4:5.2.2-9.el9_5 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `2:1.37.5-1.el9_5 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `1:1.26.8-2.el9_0 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `2:4.2.0-5.el9_0.2 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `1:1.29.4-1.el9_2 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `2:4.4.1-21.el9_2 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.12	unaffected `v4.12.0-202503181728.p0.ge355452.assembly.stream.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.13	unaffected `3:4.4.1-16.rhaos4.13.el9 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.13	unaffected `v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.14	unaffected `3:4.4.1-21.rhaos4.14.el9 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.14	unaffected `v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.15	unaffected `3:4.4.1-32.rhaos4.15.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.15	unaffected `v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.16	unaffected `4:4.9.4-12.rhaos4.16.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.16	unaffected `v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.17	unaffected `5:5.2.2-1.rhaos4.17.el8 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.17	unaffected `v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.18	unaffected `v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9 - < *`
Red Hat	OpenShift Developer Tools and Services	All versions
Red Hat	OpenShift Developer Tools and Services	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat Quay 3	All versions