FKIE_CVE-2024-9675

Vulnerability from fkie_nvd - Published: 2024-10-09 15:15 - Updated: 2025-08-25 02:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8563Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8675Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8679Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8686Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8690Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8700Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8703Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8707Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8708Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8709Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8846Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8984Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8994Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:9051Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:9454Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:9459Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:2445Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:2449Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:2454Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:2701Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:2710Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:3301Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:3573Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-9675Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2317458Issue Tracking
Impacted products
Vendor Product Version
buildah_project buildah -
redhat openshift_container_platform 4.13
redhat openshift_container_platform 4.14
redhat openshift_container_platform 4.15
redhat openshift_container_platform 4.16
redhat openshift_container_platform 4.17
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat enterprise_linux_for_arm_64_eus 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_update_services_for_sap_solutions 9.0
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:buildah_project:buildah:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A0BE187-A047-44BB-A0EC-E91A6AF6DD60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "486B3F69-1551-4F8B-B25B-A5864248811B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "4716808D-67EB-4E14-9910-B248A500FAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBB38E1-4161-402D-8A37-74D92891AAC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B66318-326A-43E4-AF14-015768296E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25C58BA-4E10-4D6A-84C4-FB48A4185486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "18037675-B4D3-401E-96D3-9EA3C1993920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA48001-66CC-4E71-A944-68D7D654031E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C30F155-DF7D-4195-92D9-A5B80407228D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB096D5D-E8F6-4164-8B76-0217B7151D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "01ED4F33-EBE7-4C04-8312-3DA580EFFB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "083AAC55-E87B-482A-A1F4-8F2DEB90CB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD9BF0E-7ACF-4A83-B754-6E3979ED903F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B7F648-9A31-4EE5-A215-C860616A4AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en Buildah. Los montajes de cach\u00e9 no validan correctamente que las rutas especificadas por el usuario para el cach\u00e9 est\u00e9n dentro de nuestro directorio de cach\u00e9, lo que permite que una instrucci\u00f3n `RUN` en un archivo de contenedor monte un directorio arbitrario desde el host (lectura/escritura) en el contenedor siempre que el usuario que ejecuta Buildah pueda acceder a esos archivos."
    }
  ],
  "id": "CVE-2024-9675",
  "lastModified": "2025-08-25T02:11:05.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-09T15:15:17.837",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8563"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8675"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8679"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8686"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8690"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8700"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8703"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8707"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8708"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8709"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8846"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8984"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:8994"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:9051"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:9454"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:9459"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:2445"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:2449"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:2454"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:2701"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:2710"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:3301"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:3573"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-9675"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.