CVE-2024-9341

Summary

CVE-2024-9341 identifies a vulnerability in the Go programming language's container runtimes when FIPS mode is enabled, allowing improper handling of file paths due to inadequate validation in the containers/common Go library. This flaw permits attackers to exploit symbolic links, enabling them to mount sensitive host directories inside a container and access critical host files, thereby violating the intended isolation between containers and the host system. Affected products include container runtimes using the Go library that operates in FIPS mode. To remediate this issue, users should update their Go libraries and relevant container runtime software to versions that address this vulnerability. The potential danger posed by this flaw is significant, as it can lead to unauthorized access to sensitive data, underscoring the need for prompt action given its medium severity rating and high confidentiality impact.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.