Vulnerability Description
A flaw was found in Buildah (and consequently in Podman Build) that allows a container build to mount arbitrary locations on the host filesystem into the build container. A malicious Containerfile can use a dummy image containing a symbolic link to the root filesystem as the source of a mount, causing the mount operation to expose the host root filesystem inside the RUN step. The commands inside that RUN step then have read-write access to the host filesystem, allowing a full container escape at build time.
CVSS Score
8.6 (HIGH)
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:2049
- https://access.redhat.com/errata/RHSA-2024:2055
- https://access.redhat.com/errata/RHSA-2024:2064
- https://access.redhat.com/errata/RHSA-2024:2066
- https://access.redhat.com/errata/RHSA-2024:2077
- https://access.redhat.com/errata/RHSA-2024:2084
- https://access.redhat.com/errata/RHSA-2024:2089
- https://access.redhat.com/errata/RHSA-2024:2090
- https://access.redhat.com/errata/RHSA-2024:2097
- https://access.redhat.com/errata/RHSA-2024:2098
- https://access.redhat.com/errata/RHSA-2024:2548
- https://access.redhat.com/errata/RHSA-2024:2645
- https://access.redhat.com/errata/RHSA-2024:2669
- https://access.redhat.com/errata/RHSA-2024:2672
- https://access.redhat.com/errata/RHSA-2024:2784
FAQ
What is CVE-2024-1753?
CVE-2024-1753 is a vulnerability with a CVSS score of 8.6 (HIGH). A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy...
How severe is CVE-2024-1753?
CVE-2024-1753 has been rated HIGH with a CVSS base score of 8.6/10. See the CVSS score above for the severity rating.
Is there a patch for CVE-2024-1753?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.