admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/11xxx/CVE-2024-11218.json
CVE Team 109f2768cd
"-Synchronized-Data."
2025-02-10 16:00:34 +00:00

375 lines
19 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-11218",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8060020250203202123.3b538bd8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8060020250203202123.3b538bd8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8060020250203202123.3b538bd8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:5.2.2-13.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.37.6-1.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:4.2.0-6.el9_0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.26.9-1.el9_0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.33.12-2.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:4.9.4-17.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.16",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:4.9.4-15.rhaos4.16.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.17",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5:5.2.2-2.rhaos4.17.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:0830",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0830"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0878",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0878"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0922",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0922"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0923",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0923"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1186",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1186"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1187",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1187"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1188",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1188"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1189",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1189"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1207",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1207"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11218",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-11218"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326231",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2326231"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled.\n\nSELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink