CVE-2024-9675

{"id": "CVE-2024-9675", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}]}, "published": "2024-10-09T15:15:17.837", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:8563", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8675", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8679", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8686", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8690", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8700", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8703", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8707", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8708", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8709", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8846", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8984", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:8994", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:9051", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:9454", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:9459", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-9675", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Buildah. Los montajes de cach\u00e9 no validan correctamente que las rutas especificadas por el usuario para el cach\u00e9 est\u00e9n dentro de nuestro directorio de cach\u00e9, lo que permite que una instrucci\u00f3n `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos."}], "lastModified": "2024-11-21T19:15:14.587", "sourceIdentifier": "secalert@redhat.com"}