CVE-2024-1753 - Vulnerability Details

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
container-tools:4.0-8090020240413110917.d7b6f4b7	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2084	2024-04-29T00:00:00Z
container-tools:rhel8-8090020240417184044.e7857ab1	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2098	2024-04-29T00:00:00Z
container-tools:rhel8-8100020240419145834.afee755d	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:3254	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
container-tools:rhel8-8060020240422155330.3b538bd8	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:2090	2024-04-30T00:00:00Z
container-tools:4.0-8060020240419071711.2e213529	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:2097	2024-04-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020240422101606.0f77c1b7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:2077	2024-04-29T00:00:00Z
Red Hat Enterprise Linux 9
buildah-1:1.31.5-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2055	2024-04-25T00:00:00Z
podman-4:4.9.4-3.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2548	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
buildah-1:1.26.7-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:2066	2024-04-25T00:00:00Z
podman-2:4.2.0-3.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:2089	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
buildah-1:1.29.3-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:2064	2024-04-25T00:00:00Z
podman-2:4.4.1-16.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:2645	2024-05-01T00:00:00Z
Red Hat OpenShift Container Platform 4.12
podman-3:4.4.1-3.2.rhaos4.12.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:2784	2024-05-16T00:00:00Z
Red Hat OpenShift Container Platform 4.13
podman-3:4.4.1-6.3.rhaos4.13.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:2049	2024-05-02T00:00:00Z
podman-3:4.4.1-8.3.rhaos4.13.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:2877	2024-05-23T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-13.4.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:2672	2024-05-09T00:00:00Z
Red Hat OpenShift Container Platform 4.15
podman-3:4.4.1-23.2.rhaos4.15.el9	cpe:/a:redhat:openshift:4.15::el8	RHSA-2024:2669	2024-05-09T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-0867	A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Github GHSA	GHSA-874v-pj72-92f3	Podman affected by CVE-2024-1753 container escape at build time

Fixes

Solution

No solution given by the vendor.

Workaround

When SELinux is enabled, the container is restricted to limited read-only access.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:2049
https://access.redhat.com/errata/RHSA-2024:2055
https://access.redhat.com/errata/RHSA-2024:2064
https://access.redhat.com/errata/RHSA-2024:2066
https://access.redhat.com/errata/RHSA-2024:2077
https://access.redhat.com/errata/RHSA-2024:2084
https://access.redhat.com/errata/RHSA-2024:2089
https://access.redhat.com/errata/RHSA-2024:2090
https://access.redhat.com/errata/RHSA-2024:2097
https://access.redhat.com/errata/RHSA-2024:2098
https://access.redhat.com/errata/RHSA-2024:2548
https://access.redhat.com/errata/RHSA-2024:2645
https://access.redhat.com/errata/RHSA-2024:2669
https://access.redhat.com/errata/RHSA-2024:2672
https://access.redhat.com/errata/RHSA-2024:2784
https://access.redhat.com/errata/RHSA-2024:2877
https://access.redhat.com/errata/RHSA-2024:3254
https://access.redhat.com/security/cve/CVE-2024-1753
https://bugzilla.redhat.com/show_bug.cgi?id=2265513
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/
https://nvd.nist.gov/vuln/detail/CVE-2024-1753
https://pkg.go.dev/vuln/GO-2024-2658
https://www.cve.org/CVERecord?id=CVE-2024-1753

History

Tue, 26 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
References		https://pkg.go.dev/vuln/GO-2024-2658

Sun, 24 Nov 2024 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Fri, 22 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-59

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/

Wed, 06 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-03-18T14:23:44.213Z

Updated: 2025-09-12T19:52:15.355Z

Reserved: 2024-02-22T14:42:20.623Z

Link: CVE-2024-1753

Vulnrichment

Updated: 2024-08-01T18:48:22.005Z

NVD

Status : Awaiting Analysis

Published: 2024-03-18T15:15:41.170

Modified: 2024-11-26T20:15:26.237

Link: CVE-2024-1753

Redhat

Severity : Important

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2024-1753 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object