ALT-PU-2025-6982-4

BDU:2024-02163

HIGH8.6

Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с ошибками при управлении привилегиями, позволяющая нарушителю повысить свои привилегии

Published: 2024-03-20Modified: 2026-03-04

CVSS 3.xHIGH 8.6

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2024-1753

BDU:2024-04111

MEDIUM5.9

Уязвимость функции protojson.Unmarshal() пакета golang-google-protobuf языка программирования Golang, связанная с циклом с недостижимым условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-05-27Modified: 2026-03-04

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2024-24786

BDU:2024-05780

HIGH8.3

Уязвимость библиотеки github.com/containers/image, связанная с неправильной проверкой значения целостности, позволяющая нарушителю вызвать отказ в обслуживании, выполнить атаку обхода локального пути или оказать иное воздействие

Published: 2024-07-29Modified: 2025-04-23

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2024-3727

BDU:2024-09320

MEDIUM4.4

Уязвимость инструмента управления контейнерными образами Buildah, существующая из-за неверного ограничения имени пути к каталогу с ограниченным доступом, позволяющая нарушителю пользователю повысить привилегии в системе

Published: 2024-11-13Modified: 2026-03-04

CVSS 3.xMEDIUM 4.4

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0LOW 3.2

CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:P/A:N

References

CVE-2024-9675

BDU:2024-09460

MEDIUM4.7

Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильной проверкой входных данных, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-11-14Modified: 2026-03-04

CVSS 3.xMEDIUM 4.7

CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

CVSS 2.0MEDIUM 4.4

CVSS:2.0/AV:L/AC:H/Au:M/C:C/I:P/A:N

References

CVE-2024-9407

BDU:2024-09461

MEDIUM5.4

Уязвимость библиотеки containers-common языка программирования Golang, связанная с неправильным разрешением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-11-14Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS 2.0MEDIUM 5.6

CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:P/A:N

References

CVE-2024-9341

CVE-2022-27651

MEDIUM6.8

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Published: 2022-04-04Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References

CVE-2024-1753

HIGH8.6

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

Published: 2024-03-18Modified: 2026-04-15

CVSS 3.xHIGH 8.6

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2024-24786

HIGH7.5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Published: 2024-03-05Modified: 2026-04-15

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2024-3727

HIGH8.3

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Published: 2024-05-14Modified: 2026-04-15

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2024-9341

HIGH8.2

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Published: 2024-10-01Modified: 2024-12-11

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

References

CVE-2024-9407

MEDIUM4.7

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

Published: 2024-10-01Modified: 2026-04-15

CVSS 3.xMEDIUM 4.7

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

References

CVE-2024-9675

MEDIUM4.4

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Published: 2024-10-09Modified: 2025-08-25

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

GHSA-586p-749j-fhwp

MEDIUM5.3

Buildah allows arbitrary directory mount

Published: 2024-10-09Modified: 2025-04-11

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS 4.0MEDIUM 5.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

References

GHSA-6wvf-f2vw-3425

HIGH8.3

github.com/containers/image allows unexpected authenticated registry accesses

Published: 2024-05-14Modified: 2025-02-25

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

GHSA-874v-pj72-92f3

MEDIUM6.3

Podman affected by CVE-2024-1753 container escape at build time

Published: 2024-03-28Modified: 2024-11-27

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 4.0MEDIUM 6.3

CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

References

GHSA-8r3f-844c-mc37

MEDIUM6.6

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

Published: 2024-03-06Modified: 2024-11-07

CVSS 3.xMEDIUM 6.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0MEDIUM 6.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

References

GHSA-c3g4-w6cv-6v7h

MEDIUM6.8

Non-empty default inheritable capabilities for linux container in Buildah

Published: 2022-04-01Modified: 2022-04-19

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References

GHSA-fhqq-8f65-5xfc

MEDIUM5.9

Improper Input Validation in Buildah and Podman

Published: 2024-10-02Modified: 2024-12-20

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

CVSS 4.0MEDIUM 5.9

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

References

GHSA-mc76-5925-c5p6

MEDIUM5.8

Link Following in github.com/containers/common

Published: 2024-10-02Modified: 2024-12-11

CVSS 3.xMEDIUM 5.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS 4.0MEDIUM 5.8

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

References

GHSA-pmf3-c36m-g5cf

NONE

Container escape at build time

Published: 2024-03-19Modified: 2024-04-05

References

Package update buildah in branch c10f2

Closed issues (21)

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Buildah allows arbitrary directory mount

github.com/containers/image allows unexpected authenticated registry accesses

Podman affected by CVE-2024-1753 container escape at build time

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

Non-empty default inheritable capabilities for linux container in Buildah

Improper Input Validation in Buildah and Podman

Link Following in github.com/containers/common

Container escape at build time