Description

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

INFO

Published Date :

2024-10-01T20:13:29.588Z

Last Modified :

2026-03-19T17:19:59.892Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9407 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9407.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10147 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8846 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9051 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9459 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9926 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-9407 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2315887 cve-icon cve-icon
https://github.com/advisories/GHSA-fhqq-8f65-5xfc cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9407 cve-icon
https://security.netapp.com/advisory/ntap-20241220-0010/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9407 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact