CVE-2024-9407

Improper Input Validation (CWE-20)

Published: Oct 1, 2024 / Updated: 49d ago

CVSS 4.7 / EPSS 0.04% / Medium

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
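A defensive check that a build-pipeline owner can run over Containerfiles before they reach a builder that may still carry this flaw. This is an added example, not code from Buildah, Podman or Docker: it parses the option strings of RUN --mount flags and flags any bind-propagation value that is not one of the documented propagation modes, which is the input validation the advisory says was missing. The allowed-mode set, the helper names and the sample Containerfile are assumptions constructed for this illustration; adjust the set to what your build tool version accepts.

```python
import re
from typing import Dict, List, Tuple

# Propagation modes documented for bind mounts (assumption: adjust this set to
# exactly what your build tool version accepts).
PROPAGATION_MODES = {
    "private", "rprivate", "shared", "rshared",
    "slave", "rslave", "unbindable", "runbindable",
}

# A safe value is a single bare token. Anything else (colons, spaces, shell
# metacharacters) suggests the option is carrying extra mount parameters.
TOKEN_RE = re.compile(r"^[a-z]+$")

# Captures the option string of each --mount=... flag on a RUN line.
MOUNT_FLAG_RE = re.compile(r"--mount=(\S+)")


def parse_mount_spec(spec: str) -> Dict[str, str]:
    """Split 'type=bind,source=/x,bind-propagation=rslave' into a dict.
    Keys without '=' (for example 'rw') map to an empty string."""
    options: Dict[str, str] = {}
    for part in spec.split(","):
        if not part:
            continue
        key, sep, value = part.partition("=")
        options[key.strip()] = value.strip() if sep else ""
    return options


def check_mount_spec(spec: str) -> List[str]:
    """Return findings for one --mount option string (empty when it is clean)."""
    findings: List[str] = []
    options = parse_mount_spec(spec)
    if options.get("type", "bind") != "bind":
        return findings  # propagation only applies to bind mounts
    value = options.get("bind-propagation")
    if value is None:
        return findings
    if not TOKEN_RE.fullmatch(value):
        findings.append(f"bind-propagation value is not a bare token: {value!r}")
    elif value not in PROPAGATION_MODES:
        findings.append(f"bind-propagation value is not a known mode: {value!r}")
    return findings


def lint_containerfile(text: str) -> List[Tuple[int, str]]:
    """Scan RUN instructions (joining backslash continuations) and report
    suspicious bind-propagation values as (line number, message) pairs."""
    findings: List[Tuple[int, str]] = []
    logical = ""
    start = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not logical:
            start = lineno  # first physical line of this instruction
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            logical += stripped[:-1] + " "
            continue
        instruction = (logical + stripped).strip()
        logical = ""
        if not instruction.upper().startswith("RUN "):
            continue
        for spec in MOUNT_FLAG_RE.findall(instruction):
            for msg in check_mount_spec(spec):
                findings.append((start, msg))
    return findings


# Constructed sample Containerfile: one clean bind mount, one value that is not
# a propagation mode at all, and one value that carries an extra parameter.
SAMPLE_CONTAINERFILE = """\
FROM registry.example/base:latest
# constructed: documented propagation mode, should pass
RUN --mount=type=bind,source=.,target=/src,bind-propagation=rslave \\
    make -C /src
# constructed: not a propagation mode
RUN --mount=type=bind,source=/,target=/host,bind-propagation=z true
# constructed: cache mount is ignored, bind mount carries a smuggled parameter
RUN --mount=type=cache,target=/var/cache/dnf \\
    --mount=type=bind,source=.,target=/src,bind-propagation=rslave:ro \\
    dnf install -y gcc
"""

if __name__ == "__main__":
    for line, message in lint_containerfile(SAMPLE_CONTAINERFILE):
        print(f"line {line}: {message}")
```

Run against the constructed sample, the linter reports line 6 (value `z` is not a propagation mode) and line 8 (value `rslave:ro` is not a bare token); the cache mount on line 8 is skipped because propagation only applies to bind mounts. Treat any finding as a build to reject rather than repair automatically, since the intent behind an unexpected value cannot be inferred from the file alone.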

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

Timeline

Oct 1, 2024 at 11:16 AM - Vendor Advisory: RedHat CVE advisory released a security advisory (CVE-2024-9407).
Oct 1, 2024 at 11:16 AM (redhat-cve-advisories) - CVSS: A CVSS base score of 4.7 has been assigned.
Oct 1, 2024 at 11:21 AM (Red Hat CVE Database) - First Article: Feedly found the first article mentioning CVE-2024-9407.
Oct 1, 2024 at 11:21 AM - CVSS Estimate: Feedly estimated the CVSS score as HIGH.
Oct 1, 2024 at 8:41 PM - CVSS Estimate: Feedly estimated the CVSS score as MEDIUM.
Oct 1, 2024 at 9:15 PM - CVE Assignment: NVD published the first details for CVE-2024-9407.
Oct 1, 2024 at 9:31 PM - Vendor Advisory: GitHub Advisories released a security advisory.
Oct 2, 2024 at 10:19 AM - EPSS: EPSS score was set to 0.04% (Percentile: 9.6%).
Oct 4, 2024 at 1:56 PM (nvd) - CVSS: A CVSS base score of 4.7 has been assigned.

Affected Systems

Docker/docker

Patches

bugzilla.redhat.com

Links to Mitre Att&cks

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

[GHSA-fhqq-8f65-5xfc] Improper Input Validation in Buildah and Podman
Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction.

News

RHSA-2024:9615: Moderate: OpenShift Container Platform 4.16.23 bug fix and security update
All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. Red Hat OpenShift Container Platform release 4.16.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of Moderate.
RockyLinux 9 : podman (RLSA-2024:9051)
Nessus Plugin ID 211601 with Medium Severity Synopsis The remote RockyLinux host is missing one or more security updates. Description The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9051 advisory. * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407) * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676) Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
rocky_linux RLSA-2024:9051: RLSA-2024:9051: podman security update (Important)
Development Last Updated: 11/19/2024 CVEs: CVE-2024-9407, CVE-2024-9676, CVE-2024-9675
Red Hat Enterprise Linux 9 update for buildah
This issue can be exploited to mount sensitive directories from the host into a container during the build process and, A local user can create a symbolic link to an arbitrary file on the system, force the library to read it and perform a denial of service (DoS) attack.
KRB5, Python, Libvirt, and more updates for AlmaLinux
The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9452.html

CVSS V3.1

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability Impact: None
