CVE-2024-9675

Summary

CVE-2024-9675 identifies a vulnerability in Buildah that allows improper validation of user-specified cache paths, enabling a RUN instruction in a Container file to mount arbitrary host directories into the container. This affects users running Buildah, as low privileges are required to exploit this flaw, leading to potential unauthorized read/write access within containers. The vulnerability has a medium severity rating with a CVSS base score of 4.4. To remediate this issue, users are advised to update to the latest version of Buildah where the flaw has been addressed. If exploited, this vulnerability could lead to data exposure and integrity impacts, posing risks to organizational security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.