data/reports/GO-2024-2658.yaml - vulndb - Git at Google

 id: GO-2024-2658
 modules:
     - module: github.com/containers/buildah
       versions:
         - fixed: 1.35.1
       vulnerable_at: 1.35.0
       packages:
         - package: github.com/containers/buildah/internal/volumes
           symbols:
             - GetBindMount
           derived_symbols:
             - GetVolumes
 summary: Container escape at build time in github.com/containers/buildah
 description: |-
     A crafted container file can use a dummy image with a symbolic link to the host
     filesystem as a mount source and cause the mount operation to mount the host
     filesystem during a build-time RUN step. The commands inside the RUN step
     will then have read-write access to the host filesystem.
 cves:
     - CVE-2024-1753
 ghsas:
     - GHSA-pmf3-c36m-g5cf
 credits:
     - '@rmcnamara-snyk'
 references:
     - fix: https://github.com/containers/buildah/commit/9de9c20ff368beb84b84fe660773d352519dc1c5
     - report: https://bugzilla.redhat.com/show_bug.cgi?id=2265513
	id: GO-2024-2658
	modules:
	- module: github.com/containers/buildah
	versions:
	- fixed: 1.35.1
	vulnerable_at: 1.35.0
	packages:
	- package: github.com/containers/buildah/internal/volumes
	symbols:
	- GetBindMount
	derived_symbols:
	- GetVolumes
	summary: Container escape at build time in github.com/containers/buildah
	description: \|-
	A crafted container file can use a dummy image with a symbolic link to the host
	filesystem as a mount source and cause the mount operation to mount the host
	filesystem during a build-time RUN step. The commands inside the RUN step
	will then have read-write access to the host filesystem.
	cves:
	- CVE-2024-1753
	ghsas:
	- GHSA-pmf3-c36m-g5cf
	credits:
	- '@rmcnamara-snyk'
	references:
	- fix: https://github.com/containers/buildah/commit/9de9c20ff368beb84b84fe660773d352519dc1c5
	- report: https://bugzilla.redhat.com/show_bug.cgi?id=2265513