Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46030

HistoryMar 27, 2024 - 6:48 a.m.

Container Escape

2024-03-2706:48:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

containerfile validation

dummy image

symbolic link

host filesystem

read-write access

container escape

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

github.com/containers/buildah is vulnerable to container escape. The vulnerability is due to improper Containerfile validation which allows a dummy image with a symbolic link to the host’s root filesystem as a mount source. This flaw enabling the mount operation to incorporate the host root filesystem inside the RUN step, thereby granting read-write access to the host filesystem and facilitating a full container escape during build time.

CPENameOperatorVersion
github.com/containers/buildaheqv1.35.0
github.com/containers/buildahlev1.34.2
github.com/containers/buildahlev1.33.6
podmaneq3.4.4-r1
podmaneq3.2.3-r0
podmaneq4.1.1-r2
podmaneq4.4.0-r2
podmaneq3.2.0-r0
podmaneq4.7.1-r0
podmaneq4.0.0-r0

Rows per page:

1-10 of 2211

References

access.redhat.com/errata/RHSA-2024:2049

access.redhat.com/errata/RHSA-2024:2055

access.redhat.com/errata/RHSA-2024:2064

access.redhat.com/errata/RHSA-2024:2066

access.redhat.com/errata/RHSA-2024:2077

access.redhat.com/errata/RHSA-2024:2084

access.redhat.com/errata/RHSA-2024:2089

access.redhat.com/errata/RHSA-2024:2090

access.redhat.com/errata/RHSA-2024:2097

access.redhat.com/errata/RHSA-2024:2098

access.redhat.com/errata/RHSA-2024:2548

access.redhat.com/errata/RHSA-2024:2645

access.redhat.com/errata/RHSA-2024:2669

access.redhat.com/errata/RHSA-2024:2672

access.redhat.com/errata/RHSA-2024:2784

access.redhat.com/errata/RHSA-2024:2877

access.redhat.com/errata/RHSA-2024:3254

access.redhat.com/security/cve/CVE-2024-1753

bugzilla.redhat.com/show_bug.cgi?id=2265513

github.com/containers/buildah/commit/a10eed09c6392c9fc66288e5759dbd601cbc3966

github.com/containers/buildah/pull/5416

github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf

github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3

lists.fedoraproject.org/archives/list/[email protected]/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/

lists.fedoraproject.org/archives/list/[email protected]/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/

lists.fedoraproject.org/archives/list/[email protected]/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

Related for VERACODE:46030

openvas12 nessus39 redhatcve1 fedora5 redhat20 oraclelinux5 github2 debiancve1 alpinelinux1 osv12 nvd1 rocky4 cve1 vulnrichment1 cvelist1 almalinux5 redos2 ubuntucve1 gentoo1