CVE-2024-9675

HIGHScheduled

Published:Oct 9, 2024(1 year ago)

Modified:Aug 25, 2025

Local AccessNo InteractionLow Complexity

Vulnerability Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Attack Characteristics

Local AccessLow ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
buildah_project	buildah	-	-
redhat	openshift_container_platform	-	-
redhat	openshift_container_platform

Timeline

Published
CVE disclosed publicly
Oct 9, 20241 year ago
Last Modified
Most recent update
Aug 25, 20258 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2024:8563Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8675Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8679Third Party Advisory

CVSS Score

v3.1

7.8/ 10.0

HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

At a Glance

Affected Products

References

buildah_project / buildah

https://access.redhat.com/errata/RHSA-2024:8686Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8690Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8700Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8703Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8707Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8708Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8709Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8846Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8984Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:8994Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:9051Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:9454Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:9459Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2445Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2449Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2454Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2701Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:2710Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:3301Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:3573Third Party Advisory

https://access.redhat.com/security/cve/CVE-2024-9675Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2317458Issue Tracking

CVSS v3 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

Impact Analysis

ConfidentialityHigh

NoneLowHigh

IntegrityHigh

NoneLowHigh

AvailabilityHigh

NoneLowHigh

CVE-2024-9675

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description