Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

INFO

Published Date :

2024-10-09T14:32:11.922Z

Last Modified :

2026-03-18T08:03:33.527Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9675 vulnerability.

Vendors Products
Buildah Project
  • Buildah
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Server Tus
  • Enterprise Linux Update Services For Sap Solutions
  • Ocp Tools
  • Openshift
  • Openshift Container Platform
  • Quay
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9675.

URL Resource
https://access.redhat.com/errata/RHSA-2024:8563 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8675 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8679 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8686 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8690 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8700 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8703 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8707 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8708 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8709 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8846 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8984 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8994 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9051 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9459 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2445 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2449 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2701 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2710 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3301 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3573 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-9675 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2317458 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9675 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9675 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact