CVE-2024-9675

high-risk

Published 2024-10-09

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Buildah

Openshift Container Platform

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems

Affected Vendors

Redhat Buildah Project

References (25)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8563

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8675

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8679

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8686

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8690

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8700

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8703

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8707

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8708

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8709

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8846

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8984

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:8994

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:9051

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:9454

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:9459

Third Party Advisory https://access.redhat.com/errata/RHSA-2025:2445

Third Party Advisory https://access.redhat.com/errata/RHSA-2025:2449

Third Party Advisory https://access.redhat.com/errata/RHSA-2025:2454

Third Party Advisory https://access.redhat.com/errata/RHSA-2025:2701

and 5 more references

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High