A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
Metrics
Affected Vendors & Products
References
History
Tue, 01 Oct 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 01 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. |
Title | Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction | Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
|
Tue, 01 Oct 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-01T20:13:29.588Z
Updated: 2024-10-01T20:38:33.629Z
Reserved: 2024-10-01T10:55:34.838Z
Link: CVE-2024-9407
Vulnrichment
Updated: 2024-10-01T20:38:23.602Z
NVD
Status : Awaiting Analysis
Published: 2024-10-01T21:15:08.530
Modified: 2024-10-04T13:50:43.727
Link: CVE-2024-9407
Redhat