We found results for “”
CVE-2024-11218
Good to know:
Date: January 21, 2025
A vulnerability was found in "podman build" and "buildah." This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Severity Score
Related Resources (38)
Severity Score
Weakness Type (CWE)
Improper Privilege Management
CWE-269Top Fix
Upgrade Version
Upgrade to version github.com/containers/buildah - v1.38.1;github.com/containers/buildah - v1.37.6;github.com/containers/buildah - v1.35.5;github.com/containers/buildah - v1.33.12
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
Vulnerabilities
Projects
Contact Us


