CVE-2024-9675 (GCVE-0-2024-9675)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:32 – Updated: 2025-11-20 06:24
VLAI?
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
https://access.redhat.com/errata/RHSA-2024:8563 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8675 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8679 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8686 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8690 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8700 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8703 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8707 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8708 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8709 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8846 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8984 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8994 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9051 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9454 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9459 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2445 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2449 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2454 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2701 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2710 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:3301 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:3573 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9675 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2317458 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 1.38.0 (semver)
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020241023085649.afee755d , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020241028154646.3b538bd8 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020241028154646.3b538bd8 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020241028154646.3b538bd8 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020241025064551.0f77c1b7 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.33.10-1.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-16.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:5.2.2-9.el9_5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.5-1.el9_5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 1:1.26.8-2.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 2:4.2.0-5.el9_0.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 1:1.29.4-1.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:4.4.1-21.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: v4.12.0-202503181728.p0.ge355452.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.12::el8
    cpe:/a:redhat:openshift:4.12::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-16.rhaos4.13.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: v4.13.0-202503111300.p0.gb379980.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-21.rhaos4.14.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-32.rhaos4.15.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el8
    cpe:/a:redhat:openshift:4.15::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el8
    cpe:/a:redhat:openshift:4.15::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-12.rhaos4.16.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.16::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 5:5.2.2-1.rhaos4.17.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.17::el9
    cpe:/a:redhat:openshift:4.17::el8
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.17::el9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18 Unaffected: v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.18::el9
 Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
 Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
 Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
 Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
 Create a notification for this product.
Credits
Red Hat would like to thank Erik Sjölund (Upstream) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T16:16:25.550764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T16:24:34.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/containers/buildah",
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "versions": [
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020241023085649.afee755d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020241025064551.0f77c1b7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.33.10-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-16.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:5.2.2-9.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.37.5-1.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.26.8-2.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:4.2.0-5.el9_0.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.29.4-1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:4.4.1-21.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8",
            "cpe:/a:redhat:openshift:4.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.12.0-202503181728.p0.ge355452.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-16.rhaos4.13.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202503111300.p0.gb379980.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-21.rhaos4.14.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el8",
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-32.rhaos4.15.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el8",
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-12.rhaos4.16.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9",
            "cpe:/a:redhat:openshift:4.17::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "5:5.2.2-1.rhaos4.17.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "conmon",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quay:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-builder-rhel8",
          "product": "Red Hat Quay 3",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Erik Sj\u00f6lund (Upstream) for reporting this issue."
        }
      ],
      "datePublic": "2024-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T06:24:04.863Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:8563",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8563"
        },
        {
          "name": "RHSA-2024:8675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8675"
        },
        {
          "name": "RHSA-2024:8679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8679"
        },
        {
          "name": "RHSA-2024:8686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8686"
        },
        {
          "name": "RHSA-2024:8690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8690"
        },
        {
          "name": "RHSA-2024:8700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8700"
        },
        {
          "name": "RHSA-2024:8703",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8703"
        },
        {
          "name": "RHSA-2024:8707",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8707"
        },
        {
          "name": "RHSA-2024:8708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8708"
        },
        {
          "name": "RHSA-2024:8709",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8709"
        },
        {
          "name": "RHSA-2024:8846",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8846"
        },
        {
          "name": "RHSA-2024:8984",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8984"
        },
        {
          "name": "RHSA-2024:8994",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8994"
        },
        {
          "name": "RHSA-2024:9051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9051"
        },
        {
          "name": "RHSA-2024:9454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9454"
        },
        {
          "name": "RHSA-2024:9459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9459"
        },
        {
          "name": "RHSA-2025:2445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2445"
        },
        {
          "name": "RHSA-2025:2449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2449"
        },
        {
          "name": "RHSA-2025:2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2454"
        },
        {
          "name": "RHSA-2025:2701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2701"
        },
        {
          "name": "RHSA-2025:2710",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2710"
        },
        {
          "name": "RHSA-2025:3301",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:3301"
        },
        {
          "name": "RHSA-2025:3573",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:3573"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9675"
        },
        {
          "name": "RHBZ#2317458",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T02:45:06.343000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-09T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Buildah: buildah allows arbitrary directory mount",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9675",
    "datePublished": "2024-10-09T14:32:11.922Z",
    "dateReserved": "2024-10-09T02:47:50.357Z",
    "dateUpdated": "2025-11-20T06:24:04.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A0BE187-A047-44BB-A0EC-E91A6AF6DD60\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"486B3F69-1551-4F8B-B25B-A5864248811B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4716808D-67EB-4E14-9910-B248A500FAFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EBB38E1-4161-402D-8A37-74D92891AAC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4B66318-326A-43E4-AF14-015768296E4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62C31522-0A17-4025-B269-855C7F4B45C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C74F6FA-FA6C-4648-9079-91446E45EE47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B03506D7-0FCD-47B7-90F6-DDEEB5C5A733\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A47EF78-A5B6-4B89-8B74-EEB0647C549F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E25C58BA-4E10-4D6A-84C4-FB48A4185486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A879F9F-F087-45D4-BD65-2990276477D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01363FFA-F7A6-43FC-8D47-E67F95410095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32AF225E-94C0-4D07-900C-DD868C05F554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB056B47-1F45-4CE4-81F6-872F66C24C29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22C65F53-D624-48A9-A9B7-4C78A31E19F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26041661-0280-4544-AA0A-BC28FCED4699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F843B777-5C64-4CAE-80D6-89DC2C9515B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23D471AC-7DCA-4425-AD91-E5D928753A8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F91F9255-4EE1-43C7-8831-D2B6C228BFD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99952557-C766-4B9E-8BF5-DBBA194349FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F32CA554-F9D7-425B-8F1C-89678507F28C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39D345D3-108A-4551-A112-5EE51991411A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C138DAF-9769-43B0-A9E6-320738EB3415\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18037675-B4D3-401E-96D3-9EA3C1993920\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DA48001-66CC-4E71-A944-68D7D654031E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC6A25CB-907A-4D05-8460-A2488938A8BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C30F155-DF7D-4195-92D9-A5B80407228D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1272DF03-7674-4BD4-8E64-94004B195448\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1CA946D-1665-4874-9D41-C7D963DD1F56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB096D5D-E8F6-4164-8B76-0217B7151D30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01ED4F33-EBE7-4C04-8312-3DA580EFFB68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"083AAC55-E87B-482A-A1F4-8F2DEB90CB23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD9BF0E-7ACF-4A83-B754-6E3979ED903F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18B7F648-9A31-4EE5-A215-C860616A4AB7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad en Buildah. Los montajes de cach\\u00e9 no validan correctamente que las rutas especificadas por el usuario para el cach\\u00e9 est\\u00e9n dentro de nuestro directorio de cach\\u00e9, lo que permite que una instrucci\\u00f3n `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos.\"}]",
      "id": "CVE-2024-9675",
      "lastModified": "2024-12-13T18:15:22.507",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-10-09T15:15:17.837",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:8563\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8675\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8679\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8686\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8690\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8700\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8703\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8707\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8708\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8709\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8846\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8984\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8994\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9051\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9454\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9459\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-9675\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2317458\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9675\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-10-09T15:15:17.837\",\"lastModified\":\"2025-08-25T02:11:05.730\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en Buildah. Los montajes de cach\u00e9 no validan correctamente que las rutas especificadas por el usuario para el cach\u00e9 est\u00e9n dentro de nuestro directorio de cach\u00e9, lo que permite que una instrucci\u00f3n `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A0BE187-A047-44BB-A0EC-E91A6AF6DD60\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"486B3F69-1551-4F8B-B25B-A5864248811B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4716808D-67EB-4E14-9910-B248A500FAFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBB38E1-4161-402D-8A37-74D92891AAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B66318-326A-43E4-AF14-015768296E4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C31522-0A17-4025-B269-855C7F4B45C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C74F6FA-FA6C-4648-9079-91446E45EE47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B03506D7-0FCD-47B7-90F6-DDEEB5C5A733\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A47EF78-A5B6-4B89-8B74-EEB0647C549F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25C58BA-4E10-4D6A-84C4-FB48A4185486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A879F9F-F087-45D4-BD65-2990276477D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01363FFA-F7A6-43FC-8D47-E67F95410095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AF225E-94C0-4D07-900C-DD868C05F554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB056B47-1F45-4CE4-81F6-872F66C24C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C65F53-D624-48A9-A9B7-4C78A31E19F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26041661-0280-4544-AA0A-BC28FCED4699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F843B777-5C64-4CAE-80D6-89DC2C9515B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D471AC-7DCA-4425-AD91-E5D928753A8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F91F9255-4EE1-43C7-8831-D2B6C228BFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99952557-C766-4B9E-8BF5-DBBA194349FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32CA554-F9D7-425B-8F1C-89678507F28C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39D345D3-108A-4551-A112-5EE51991411A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C138DAF-9769-43B0-A9E6-320738EB3415\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18037675-B4D3-401E-96D3-9EA3C1993920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA48001-66CC-4E71-A944-68D7D654031E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC6A25CB-907A-4D05-8460-A2488938A8BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C30F155-DF7D-4195-92D9-A5B80407228D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1272DF03-7674-4BD4-8E64-94004B195448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1CA946D-1665-4874-9D41-C7D963DD1F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB096D5D-E8F6-4164-8B76-0217B7151D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01ED4F33-EBE7-4C04-8312-3DA580EFFB68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"083AAC55-E87B-482A-A1F4-8F2DEB90CB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD9BF0E-7ACF-4A83-B754-6E3979ED903F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B7F648-9A31-4EE5-A215-C860616A4AB7\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8563\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8675\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8679\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8686\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8690\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8700\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8703\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8707\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8708\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8709\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8846\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8984\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8994\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:9051\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:9454\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:9459\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:2445\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:2449\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:2454\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:2701\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:2710\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:3301\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:3573\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-9675\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2317458\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T16:16:25.550764Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T16:24:30.988Z\"}}], \"cna\": {\"title\": \"Buildah: buildah allows arbitrary directory mount\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Erik Sj\\u00f6lund (Upstream) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.38.0\", \"versionType\": \"semver\"}], \"packageName\": \"buildah\", \"collectionURL\": \"https://github.com/containers/buildah\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8100020241023085649.afee755d\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"container-tools:rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020241028154646.3b538bd8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"container-tools:rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020241028154646.3b538bd8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"container-tools:rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020241028154646.3b538bd8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"container-tools:rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8080020241025064551.0f77c1b7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"container-tools:rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2:1.33.10-1.el9_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4:4.9.4-16.el9_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4:5.2.2-9.el9_5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2:1.37.5-1.el9_5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:1.26.8-2.el9_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2:4.2.0-5.el9_0.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:1.29.4-1.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2:4.4.1-21.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\", \"cpe:/a:redhat:openshift:4.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.12.0-202503181728.p0.ge355452.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el8\", \"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3:4.4.1-16.rhaos4.13.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el8\", \"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.13.0-202503111300.p0.gb379980.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\", \"cpe:/a:redhat:openshift:4.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3:4.4.1-21.rhaos4.14.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\", \"cpe:/a:redhat:openshift:4.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el8\", \"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3:4.4.1-32.rhaos4.15.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el8\", \"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el8\", \"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4:4.9.4-12.rhaos4.16.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\", \"cpe:/a:redhat:openshift:4.17::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"5:5.2.2-1.rhaos4.17.el8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"openshift4/ose-docker-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"packageName\": \"ocp-tools-4/jenkins-agent-base-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"packageName\": \"ocp-tools-4/jenkins-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"podman\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"skopeo\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"conmon\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"buildah\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"conmon\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"cri-o\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"packageName\": \"quay/quay-builder-rhel8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-10-09T02:45:06.343000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-10-09T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-10-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:8563\", \"name\": \"RHSA-2024:8563\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8675\", \"name\": \"RHSA-2024:8675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8679\", \"name\": \"RHSA-2024:8679\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8686\", \"name\": \"RHSA-2024:8686\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8690\", \"name\": \"RHSA-2024:8690\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8700\", \"name\": \"RHSA-2024:8700\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8703\", \"name\": \"RHSA-2024:8703\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8707\", \"name\": \"RHSA-2024:8707\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8708\", \"name\": \"RHSA-2024:8708\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8709\", \"name\": \"RHSA-2024:8709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8846\", \"name\": \"RHSA-2024:8846\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8984\", \"name\": \"RHSA-2024:8984\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8994\", \"name\": \"RHSA-2024:8994\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9051\", \"name\": \"RHSA-2024:9051\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9454\", \"name\": \"RHSA-2024:9454\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9459\", \"name\": \"RHSA-2024:9459\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:2445\", \"name\": \"RHSA-2025:2445\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:2449\", \"name\": \"RHSA-2025:2449\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:2454\", \"name\": \"RHSA-2025:2454\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:2701\", \"name\": \"RHSA-2025:2701\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:2710\", \"name\": \"RHSA-2025:2710\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:3301\", \"name\": \"RHSA-2025:3301\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:3573\", \"name\": \"RHSA-2025:3573\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-9675\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2317458\", \"name\": \"RHBZ#2317458\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T06:24:04.863Z\"}, \"x_redhatCweChain\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T06:24:04.863Z\", \"dateReserved\": \"2024-10-09T02:47:50.357Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-10-09T14:32:11.922Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.