Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2024-1753
HistoryMar 18, 2024 - 3:15 p.m.

CVE-2024-1753

2024-03-1815:15:41
CWE-269
redhat
web.nvd.nist.gov
258
cve-2024-1753
podman build
buildah
containerfile
host filesystem
security flaw
vulnerability

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:4.0",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020240413110917.d7b6f4b7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020240417184044.e7857ab1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240419145834.afee755d",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020240422155330.3b538bd8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:4.0",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020240419071711.2e213529",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-tools:rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020240422101606.0f77c1b7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "buildah",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:1.31.5-1.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4:4.9.4-3.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "buildah",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:1.26.7-1.el9_0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.2.0-3.el9_0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "buildah",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:1.29.3-1.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2:4.4.1-16.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3:4.4.1-3.2.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3:4.4.1-6.3.rhaos4.13.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3:4.4.1-7.3.rhaos4.13.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3:4.4.1-13.4.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3:4.4.1-23.2.rhaos4.15.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "buildah",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 3.11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "podman",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openshift:3.11"
    ]
  }
]

References

Related

debiancve 1
openvas 17
fedora 5
osv 18
rocky 4
nvd 1
alpinelinux 1
redhat 20
nessus 47
oraclelinux 5
cbl_mariner 1
redhatcve 1
github 2
vulnrichment 1
cvelist 1
redos 2
ubuntucve 1
veracode 1
almalinux 5
gentoo 2
debiancve
debiancve
CVE-2024-1753
2024-03-18 15:15:41
openvas
openvas
openSUSE: Security Advisory for buildah (SUSE-SU-2024:1144-1)
2024-04-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1059-1)
2024-05-07 00:00:00
Fedora: Security Advisory for netavark (FEDORA-2024-a267e93f8c)
2024-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: podman-4.9.4-1.fc39
2024-04-03 01:16:48
[SECURITY] Fedora 40 Update: podman-5.0.0-1.fc40
2024-03-27 00:15:39
[SECURITY] Fedora 38 Update: podman-4.9.4-1.fc38
2024-04-03 01:38:47
osv
osv
Important: buildah security update
2024-04-25 00:00:00
Important: container-tools:rhel8 security and bug fix update
2024-04-29 00:00:00
Important: container-tools:4.0 security update
2024-05-06 13:04:21
rocky
rocky
container-tools:rhel8 security and bug fix update
2024-05-06 13:04:21
container-tools:4.0 security update
2024-05-06 13:04:21
podman security and bug fix update
2024-05-10 14:32:42
nvd
nvd
CVE-2024-1753
2024-03-18 15:15:41
alpinelinux
alpinelinux
CVE-2024-1753
2024-03-18 15:15:41
redhat
redhat
(RHSA-2024:2066) Important: buildah security update
2024-04-25 15:16:32
(RHSA-2024:2097) Important: container-tools:4.0 security update
2024-04-29 10:59:28
(RHSA-2024:2084) Important: container-tools:4.0 security update
2024-04-29 01:07:49
nessus
nessus
Rocky Linux 8 : container-tools:4.0 (RLSA-2024:2084)
2024-05-06 00:00:00
SUSE SLES15 Security Update : buildah (SUSE-SU-2024:1145-1)
2024-04-09 00:00:00
RHEL 8 : container-tools:4.0 (RHSA-2024:2084)
2024-04-29 00:00:00
oraclelinux
oraclelinux
buildah security update
2024-04-25 00:00:00
container-tools:4.0 security update
2024-04-29 00:00:00
container-tools:ol8 security and bug fix update
2024-04-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-1753 affecting package libcontainers-common for versions less than 20240213-2
2024-07-23 02:21:02
redhatcve
redhatcve
CVE-2024-1753
2024-03-18 14:22:37
github
github
Container escape at build time
2024-03-19 20:06:52
Podman affected by CVE-2024-1753 container escape at build time
2024-03-28 17:53:52
vulnrichment
vulnrichment
CVE-2024-1753 Buildah: full container escape at build time
2024-03-18 14:23:44
cvelist
cvelist
CVE-2024-1753 Buildah: full container escape at build time
2024-03-18 14:23:44
redos
redos
ROS-20240410-07
2024-04-10 00:00:00
ROS-20240425-04
2024-04-25 00:00:00
ubuntucve
ubuntucve
CVE-2024-1753
2024-03-18 00:00:00
veracode
veracode
Container Escape
2024-03-27 06:48:04
almalinux
almalinux
Important: buildah security update
2024-04-25 00:00:00
Important: container-tools:4.0 security update
2024-04-29 00:00:00
Important: container-tools:rhel8 security and bug fix update
2024-04-29 00:00:00
gentoo
gentoo
Buildah: Multiple Vulnerabilities
2024-07-10 00:00:00
podman: Multiple Vulnerabilities
2024-07-05 00:00:00

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON
Related for CVE-2024-1753
debiancve1openvas17fedora5osv18rocky4nvd1alpinelinux1redhat20nessus47oraclelinux5cbl_mariner1redhatcve1github2vulnrichment1cvelist1redos2ubuntucve1veracode1almalinux5gentoo2