github.com/containers/buildah is vulnerable to container escape. The vulnerability is due to improper Containerfile validation which allows a dummy image with a symbolic link to the host’s root filesystem as a mount source. This flaw enabling the mount operation to incorporate the host root filesystem inside the RUN step, thereby granting read-write access to the host filesystem and facilitating a full container escape during build time.
access.redhat.com/errata/RHSA-2024:2049
access.redhat.com/errata/RHSA-2024:2055
access.redhat.com/errata/RHSA-2024:2064
access.redhat.com/errata/RHSA-2024:2066
access.redhat.com/errata/RHSA-2024:2077
access.redhat.com/errata/RHSA-2024:2084
access.redhat.com/errata/RHSA-2024:2089
access.redhat.com/errata/RHSA-2024:2090
access.redhat.com/errata/RHSA-2024:2097
access.redhat.com/errata/RHSA-2024:2098
access.redhat.com/errata/RHSA-2024:2548
access.redhat.com/errata/RHSA-2024:2645
access.redhat.com/errata/RHSA-2024:2669
access.redhat.com/errata/RHSA-2024:2672
access.redhat.com/errata/RHSA-2024:2784
access.redhat.com/errata/RHSA-2024:2877
access.redhat.com/errata/RHSA-2024:3254
access.redhat.com/security/cve/CVE-2024-1753
bugzilla.redhat.com/show_bug.cgi?id=2265513
github.com/containers/buildah/commit/a10eed09c6392c9fc66288e5759dbd601cbc3966
github.com/containers/buildah/pull/5416
github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
lists.fedoraproject.org/archives/list/[email protected]/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/
lists.fedoraproject.org/archives/list/[email protected]/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/
lists.fedoraproject.org/archives/list/[email protected]/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/