CVE-2024-9675

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9675

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9675.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-9675

Aliases

Downstream

BELL-CVE-2024-9675

DEBIAN-CVE-2024-9675

OESA-2025-1053

OESA-2025-1055

RHSA-2024:8563

RHSA-2024:8675

RHSA-2024:8679

RHSA-2024:8686

RHSA-2024:8690

RHSA-2024:8700

RHSA-2024:8703

RHSA-2024:8707

RHSA-2024:8708

RHSA-2024:8709

RHSA-2024:8846

RHSA-2024:8984

RHSA-2024:8994

RHSA-2024:9051

RHSA-2024:9454

RHSA-2024:9459

SUSE-SU-2024:3728-1

SUSE-SU-2024:3741-1

SUSE-SU-2024:3911-1

SUSE-SU-2024:3988-1

SUSE-SU-2024:4303-1

SUSE-SU-2025:0267-1

SUSE-SU-2025:0775-1

UBUNTU-CVE-2024-9675

openSUSE-SU-2024:0350-1

openSUSE-SU-2024:14405-1

openSUSE-SU-2024:14409-1

openSUSE-SU-2024:14447-1

Related

Withdrawn

2026-01-27T04:19:52.670101Z

Published

2024-10-09T15:15:17Z

Modified

2026-01-27T04:19:52.670101Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

References

Affected packages