CVE-2024-11218: Buildah Security Vulnerability

CVSS 8.6 · High · EPSS 0.17% · P37

I. Basic information on CVE-2024-11218

Vulnerability information


Vulnerability title
Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
Source: NVD (National Vulnerability Database)
Vulnerability description
A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Source: NVD (National Vulnerability Database)
CVSS information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability type
Improper Privilege Management
Source: NVD (National Vulnerability Database)
Vulnerability title
Buildah Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability description
Buildah is an open-source tool from Buildah that supports building OCI container images. Buildah contains a security vulnerability that stems from building a malicious Containerfile using --jobs=2 and a race condition, leading to container escape and enumeration of host files.
Source: CNNVD (China National Vulnerability Database)
CVSS information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| - | - | 0 ~ 1.33.12 | - |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020250124120243.afee755d ~ * | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 8060020250203202123.3b538bd8 ~ * | cpe:/a:redhat:rhel_aus:8.6::appstream |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 8060020250203202123.3b538bd8 ~ * | cpe:/a:redhat:rhel_aus:8.6::appstream |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 8060020250203202123.3b538bd8 ~ * | cpe:/a:redhat:rhel_aus:8.6::appstream |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020250207173112.0f77c1b7 ~ * | cpe:/a:redhat:rhel_eus:8.8::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 4:5.2.2-13.el9_5 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.37.6-1.el9_5 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 2:4.2.0-6.el9_0 ~ * | cpe:/a:redhat:rhel_e4s:9.0::appstream |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 1:1.26.9-1.el9_0 ~ * | cpe:/a:redhat:rhel_e4s:9.0::appstream |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 1:1.29.5-1.el9_2 ~ * | cpe:/a:redhat:rhel_eus:9.2::appstream |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 2:4.4.1-22.el9_2 ~ * | cpe:/a:redhat:rhel_eus:9.2::appstream |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 2:1.33.12-2.el9_4 ~ * | cpe:/a:redhat:rhel_eus:9.4::appstream |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 4:4.9.4-17.el9_4 ~ * | cpe:/a:redhat:rhel_eus:9.4::appstream |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 412.86.202503052321-0 ~ * | cpe:/a:redhat:openshift:4.12::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 3:4.2.0-13.rhaos4.12.el9 ~ * | cpe:/a:redhat:openshift:4.12::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 1:1.29.5-1.rhaos4.13.el8 ~ * | cpe:/a:redhat:openshift:4.13::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 3:4.4.1-16.rhaos4.13.el8 ~ * | cpe:/a:redhat:openshift:4.13::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 413.92.202503112237-0 ~ * | cpe:/a:redhat:openshift:4.13::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:4.4.1-22.rhaos4.14.el8 ~ * | cpe:/a:redhat:openshift:4.14::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.29.5-1.rhaos4.14.el8 ~ * | cpe:/a:redhat:openshift:4.14::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 414.92.202503100617-0 ~ * | cpe:/a:redhat:openshift:4.14::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.29.5-1.rhaos4.14.el8 ~ * | cpe:/a:redhat:openshift:4.14::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 3:4.4.1-33.rhaos4.15.el8 ~ * | cpe:/a:redhat:openshift:4.15::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.29.5-1.rhaos4.15.el8 ~ * | cpe:/a:redhat:openshift:4.15::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 415.92.202503060749-0 ~ * | cpe:/a:redhat:openshift:4.15::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.29.5-1.rhaos4.15.el8 ~ * | cpe:/a:redhat:openshift:4.15::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 4:4.9.4-13.rhaos4.16.el8 ~ * | cpe:/a:redhat:openshift:4.16::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 2:1.33.12-1.rhaos4.16.el8 ~ * | cpe:/a:redhat:openshift:4.16::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 416.94.202502180249-0 ~ * | cpe:/a:redhat:openshift:4.16::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 2:1.33.12-1.rhaos4.16.el8 ~ * | cpe:/a:redhat:openshift:4.16::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 5:5.2.2-2.rhaos4.17.el8 ~ * | cpe:/a:redhat:openshift:4.17::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 2:1.33.12-1.rhaos4.17.el8 ~ * | cpe:/a:redhat:openshift:4.17::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 2:1.33.12-1.rhaos4.17.el8 ~ * | cpe:/a:redhat:openshift:4.17::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 417.94.202504080421-0 ~ * | cpe:/a:redhat:openshift:4.17::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 2:1.33.12-1.rhaos4.18.el9 ~ * | cpe:/a:redhat:openshift:4.18::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 418.94.202504021150-0 ~ * | cpe:/a:redhat:openshift:4.18::el9 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |

II. Public POCs for CVE-2024-11218


No public POC was found.
