CVE-2024-9675

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:8563 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8675 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8679 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8686 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8690 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8700 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8703 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8707 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8708 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8709 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8846 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8984 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8994 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9051 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9454 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9459 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2445 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2449 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2454 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2701 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2710 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3301 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3573 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-9675 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317458 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
History

25 Aug 2025, 02:11

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2025:2445 - () https://access.redhat.com/errata/RHSA-2025:2445 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2449 - () https://access.redhat.com/errata/RHSA-2025:2449 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2454 - () https://access.redhat.com/errata/RHSA-2025:2454 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2701 - () https://access.redhat.com/errata/RHSA-2025:2701 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2710 - () https://access.redhat.com/errata/RHSA-2025:2710 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:3301 - () https://access.redhat.com/errata/RHSA-2025:3301 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:3573 - () https://access.redhat.com/errata/RHSA-2025:3573 - Third Party Advisory

10 Apr 2025, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3573 -

03 Apr 2025, 02:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3301 -

20 Mar 2025, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2701 -

19 Mar 2025, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2710 -

13 Mar 2025, 06:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2454 -

12 Mar 2025, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2445 -

11 Mar 2025, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2449 -

13 Dec 2024, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.4 		v2 : unknown
v3 : 7.8

04 Dec 2024, 17:13

Type Values Removed Values Added
First Time Redhat openshift Container Platform
Redhat enterprise Linux
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Update Services For Sap Solutions
Buildah Project buildah
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian Eus
Redhat
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems Eus
Buildah Project
References () https://access.redhat.com/errata/RHSA-2024:8563 - () https://access.redhat.com/errata/RHSA-2024:8563 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8675 - () https://access.redhat.com/errata/RHSA-2024:8675 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8679 - () https://access.redhat.com/errata/RHSA-2024:8679 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8686 - () https://access.redhat.com/errata/RHSA-2024:8686 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8690 - () https://access.redhat.com/errata/RHSA-2024:8690 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8700 - () https://access.redhat.com/errata/RHSA-2024:8700 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8703 - () https://access.redhat.com/errata/RHSA-2024:8703 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8707 - () https://access.redhat.com/errata/RHSA-2024:8707 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8708 - () https://access.redhat.com/errata/RHSA-2024:8708 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8709 - () https://access.redhat.com/errata/RHSA-2024:8709 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8846 - () https://access.redhat.com/errata/RHSA-2024:8846 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8984 - () https://access.redhat.com/errata/RHSA-2024:8984 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8994 - () https://access.redhat.com/errata/RHSA-2024:8994 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9051 - () https://access.redhat.com/errata/RHSA-2024:9051 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9454 - () https://access.redhat.com/errata/RHSA-2024:9454 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9459 - () https://access.redhat.com/errata/RHSA-2024:9459 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-9675 - () https://access.redhat.com/security/cve/CVE-2024-9675 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2317458 - () https://bugzilla.redhat.com/show_bug.cgi?id=2317458 - Issue Tracking
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

21 Nov 2024, 19:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8994 -

13 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8984 -

12 Nov 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9454 -
  • () https://access.redhat.com/errata/RHSA-2024:9459 -

11 Nov 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8700 -
  • () https://access.redhat.com/errata/RHSA-2024:9051 -

06 Nov 2024, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8690 -

06 Nov 2024, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8686 -

05 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8846 -

31 Oct 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8703 -
  • () https://access.redhat.com/errata/RHSA-2024:8707 -
  • () https://access.redhat.com/errata/RHSA-2024:8708 -
  • () https://access.redhat.com/errata/RHSA-2024:8709 -

30 Oct 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8679 -

30 Oct 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8675 -

30 Oct 2024, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8563 -

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Buildah. Los montajes de caché no validan correctamente que las rutas especificadas por el usuario para el caché estén dentro de nuestro directorio de caché, lo que permite que una instrucción `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-09 15:15

Updated : 2025-08-25 02:11

NVD link : CVE-2024-9675

Mitre link : CVE-2024-9675

CVE.ORG link : CVE-2024-9675

JSON object : View

Products Affected

redhat

  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • openshift_container_platform
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_server_tus
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_aus
  • enterprise_linux_update_services_for_sap_solutions
  • enterprise_linux

buildah_project

  • buildah
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')