A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Affected Packages

Go github.com/containers/buildah

Affected versions: 0 (fixed in 1.38.0)

Related CVEs

CVE-2024-9675

Key Information

GHSA ID

GHSA-586p-749j-fhwp

Published

October 9, 2024 3:32 PM

Last Modified

April 11, 2025 3:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/containers/buildah

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.