A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Eus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
container-tools:4.0-8090020240413110917.d7b6f4b7 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2084 2024-04-29T00:00:00Z
container-tools:rhel8-8090020240417184044.e7857ab1 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2098 2024-04-29T00:00:00Z
container-tools:rhel8-8100020240419145834.afee755d cpe:/a:redhat:enterprise_linux:8 RHSA-2024:3254 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
container-tools:rhel8-8060020240422155330.3b538bd8 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:2090 2024-04-30T00:00:00Z
container-tools:4.0-8060020240419071711.2e213529 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:2097 2024-04-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020240422101606.0f77c1b7 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:2077 2024-04-29T00:00:00Z
Red Hat Enterprise Linux 9
buildah-1:1.31.5-1.el9_3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2055 2024-04-25T00:00:00Z
podman-4:4.9.4-3.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2548 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
buildah-1:1.26.7-1.el9_0 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:2066 2024-04-25T00:00:00Z
podman-2:4.2.0-3.el9_0 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:2089 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
buildah-1:1.29.3-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:2064 2024-04-25T00:00:00Z
podman-2:4.4.1-16.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:2645 2024-05-01T00:00:00Z
Red Hat OpenShift Container Platform 4.12
podman-3:4.4.1-3.2.rhaos4.12.el8 cpe:/a:redhat:openshift:4.12::el8 RHSA-2024:2784 2024-05-16T00:00:00Z
Red Hat OpenShift Container Platform 4.13
podman-3:4.4.1-6.3.rhaos4.13.el9 cpe:/a:redhat:openshift:4.13::el8 RHSA-2024:2049 2024-05-02T00:00:00Z
podman-3:4.4.1-7.3.rhaos4.13.el8 cpe:/a:redhat:openshift:4.13::el8 RHSA-2024:2877 2024-05-23T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-13.4.rhaos4.14.el9 cpe:/a:redhat:openshift:4.14::el8 RHSA-2024:2672 2024-05-09T00:00:00Z
Red Hat OpenShift Container Platform 4.15
podman-3:4.4.1-23.2.rhaos4.15.el8 cpe:/a:redhat:openshift:4.15::el8 RHSA-2024:2669 2024-05-09T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:2049 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2064 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2066 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2077 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2084 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2089 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2090 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2097 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2098 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2548 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2645 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2669 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2672 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2784 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2877 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3254 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-1753 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2265513 cve-icon cve-icon
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf cve-icon cve-icon cve-icon
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-1753 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-1753 cve-icon
History

Wed, 06 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-03-18T14:23:44.213Z

Updated: 2024-11-06T14:51:35.250Z

Reserved: 2024-02-22T14:42:20.623Z

Link: CVE-2024-1753

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:22.005Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-18T15:15:41.170

Modified: 2024-11-21T08:51:14.303

Link: CVE-2024-1753

cve-icon Redhat

Severity : Important

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2024-1753 - Bugzilla