A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
History

Tue, 01 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 01 Oct 2024 20:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
Title Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Tue, 01 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
Weaknesses CWE-20
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-01T20:13:29.588Z

Updated: 2024-10-01T20:38:33.629Z

Reserved: 2024-10-01T10:55:34.838Z

Link: CVE-2024-9407

cve-icon Vulnrichment

Updated: 2024-10-01T20:38:23.602Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-01T21:15:08.530

Modified: 2024-10-04T13:50:43.727

Link: CVE-2024-9407

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-01T00:00:00Z

Links: CVE-2024-9407 - Bugzilla