DEBIAN-CVE-2024-9675
PUBLISHED
CVSS 4.4 MEDIUM
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within Buildah's cache directory, allowing a `RUN` instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container, as long as those files can be accessed by the user running Buildah.
Risk Scores
CVSS 3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | golang-github-containers-buildah | 0, 0 |
| Debian:11 | golang-github-containers-buildah | *, 1.35.3+ds1-3, 1.37.0+ds1-1 |
| Debian:12 | golang-github-containers-buildah | 1.37.2+ds1, 0, 1.28.2+ds1-3+deb12u1 |
| Debian:14 | golang-github-containers-buildah | 0, 0 |
Timeline
- Oct 9, 2024 CVE Published
- Apr 28, 2026 CVE Updated