Moderate severity · GHSA Advisory · Published Oct 9, 2024 · Updated Mar 18, 2026

Buildah: buildah allows arbitrary directory mount

CVE-2024-9675

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within Buildah's cache directory, allowing a RUN instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container, as long as those files can be accessed by the user running Buildah.
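
One way to enforce the containment check that the description says was missing, as an added Go example (not Buildah's code or its actual fix). `ResolveCachePath`, `ErrOutsideCache` and the sample paths are hypothetical, and the example assumes a user-specified cache path is joined onto a fixed cache root.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideCache reports a cache path that resolves outside the cache root.
var ErrOutsideCache = errors.New("cache path escapes cache root")

// ResolveCachePath (hypothetical helper, not Buildah's API) maps a
// user-specified cache path onto cacheRoot and rejects any result that
// leaves it, either lexically or through an existing symlink.
func ResolveCachePath(cacheRoot, userPath string) (string, error) {
	root, err := filepath.Abs(cacheRoot)
	if err != nil {
		return "", err
	}
	if r, err := filepath.EvalSymlinks(root); err == nil {
		root = r // compare against the real location of the root
	}
	// Join cleans the path, collapsing "." and ".." segments.
	candidate := filepath.Join(root, userPath)
	// If the target already exists, follow symlinks before checking.
	// A path that does not exist yet is checked lexically only; callers
	// creating it must still guard against symlinked parents and races.
	if r, err := filepath.EvalSymlinks(candidate); err == nil {
		candidate = r
	}
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideCache, userPath)
	}
	return candidate, nil
}

func main() {
	// Constructed inputs; /var/tmp/example-cache is a placeholder root.
	for _, p := range []string{"go-build", "a/../b", "../../home/user"} {
		got, err := ResolveCachePath("/var/tmp/example-cache", p)
		fmt.Printf("%-18q -> %q, err=%v\n", p, got, err)
	}
}
```

The check runs on the fully resolved path rather than on the raw string, so a path that is cleaned back inside the root is accepted and one that leaves it is refused before any mount is set up.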

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/containers/buildah (Go)
Affected versions: < 1.38.0
Patched versions: 1.38.0