CVE-2024-9675

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVSS

No CVSS.

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:8563 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8675 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8679 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8686 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8690 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8700 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8703 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8707 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8708 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8709 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8846 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8984 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8994 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9051 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9454 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9459 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2445
https://access.redhat.com/errata/RHSA-2025:2449
https://access.redhat.com/errata/RHSA-2025:2454
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/errata/RHSA-2025:3301
https://access.redhat.com/errata/RHSA-2025:3573
https://access.redhat.com/security/cve/CVE-2024-9675 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317458 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
History

10 Apr 2025, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3573 -

03 Apr 2025, 02:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:3301 -

20 Mar 2025, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2701 -

19 Mar 2025, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2710 -

13 Mar 2025, 06:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2454 -

12 Mar 2025, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2445 -

11 Mar 2025, 03:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : unknown
References
  • () https://access.redhat.com/errata/RHSA-2025:2449 -

13 Dec 2024, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

04 Dec 2024, 17:13

Type Values Removed Values Added
First Time Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Buildah Project
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Update Services For Sap Solutions
Buildah Project buildah
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Arm 64
Redhat openshift Container Platform
Redhat enterprise Linux
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Arm 64 Eus
Redhat
Redhat enterprise Linux Eus
References
  • () https://access.redhat.com/errata/RHSA-2024:8994 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8846 - () https://access.redhat.com/errata/RHSA-2024:8846 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8686 - () https://access.redhat.com/errata/RHSA-2024:8686 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8563 - () https://access.redhat.com/errata/RHSA-2024:8563 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8709 - () https://access.redhat.com/errata/RHSA-2024:8709 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8703 - () https://access.redhat.com/errata/RHSA-2024:8703 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8984 - () https://access.redhat.com/errata/RHSA-2024:8984 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-9675 - () https://access.redhat.com/security/cve/CVE-2024-9675 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8690 - () https://access.redhat.com/errata/RHSA-2024:8690 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8707 - () https://access.redhat.com/errata/RHSA-2024:8707 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9459 - () https://access.redhat.com/errata/RHSA-2024:9459 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9051 - () https://access.redhat.com/errata/RHSA-2024:9051 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8700 - () https://access.redhat.com/errata/RHSA-2024:8700 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:9454 - () https://access.redhat.com/errata/RHSA-2024:9454 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8708 - () https://access.redhat.com/errata/RHSA-2024:8708 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:8679 - () https://access.redhat.com/errata/RHSA-2024:8679 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2317458 - () https://bugzilla.redhat.com/show_bug.cgi?id=2317458 - Issue Tracking
References () https://access.redhat.com/errata/RHSA-2024:8675 - () https://access.redhat.com/errata/RHSA-2024:8675 - Third Party Advisory
CVSS v2 : unknown
v3 : 4.4 		v2 : unknown
v3 : unknown
CWE CWE-22
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*

13 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8984 -

12 Nov 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9454 -
  • () https://access.redhat.com/errata/RHSA-2024:9459 -

11 Nov 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8700 -
  • () https://access.redhat.com/errata/RHSA-2024:9051 -

06 Nov 2024, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8690 -

06 Nov 2024, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8686 -

05 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8846 -

31 Oct 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8703 -
  • () https://access.redhat.com/errata/RHSA-2024:8707 -
  • () https://access.redhat.com/errata/RHSA-2024:8708 -
  • () https://access.redhat.com/errata/RHSA-2024:8709 -

30 Oct 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8679 -

30 Oct 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8675 -

30 Oct 2024, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8563 -

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-09 15:15

Updated : 2025-04-10 22:15

NVD link : CVE-2024-9675

Mitre link : CVE-2024-9675

JSON object : View

Products Affected

redhat

  • enterprise_linux_server_aus
  • enterprise_linux
  • enterprise_linux_server_tus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_arm_64
  • enterprise_linux_update_services_for_sap_solutions
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_eus
  • enterprise_linux_for_arm_64_eus
  • openshift_container_platform

buildah_project

  • buildah
CWE

No CWE.