{"id":"CVE-2024-1753","details":"A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.","aliases":["GHSA-874v-pj72-92f3","GHSA-pmf3-c36m-g5cf","GO-2024-2658"],"modified":"2026-03-23T05:09:25.431396704Z","published":"2024-03-18T15:15:41.170Z","related":["ALSA-2024:2055","ALSA-2024:2084","ALSA-2024:2098","ALSA-2024:2548","ALSA-2024:3254","CGA-m7qx-2wj6-gx3g","GHSA-874v-pj72-92f3","GHSA-pmf3-c36m-g5cf","MGASA-2024-0343","RLSA-2024:3254","SUSE-SU-2024:1058-1","SUSE-SU-2024:1059-1","SUSE-SU-2024:1142-1","SUSE-SU-2024:1143-1","SUSE-SU-2024:1144-1","SUSE-SU-2024:1145-1","SUSE-SU-2024:1146-1","SUSE-SU-2024:3120-1","SUSE-SU-2024:3151-1","SUSE-SU-2024:3186-1","SUSE-SU-2025:0267-1","SUSE-SU-2025:0775-1","SUSE-SU-2025:20013-1","SUSE-SU-2025:20279-1","openSUSE-SU-2024:13784-1","openSUSE-SU-2024:13826-1"],"references":[{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2024-2658"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-1753"},{"type":"ADVISORY","url":"https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2089"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2098"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2064"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2066"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2672"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3254"},{"type":"ADVISORY","url":"https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2049"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2084"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2097"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2548"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2669"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2055"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2077"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2090"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2645"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2784"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2877"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265513"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1753.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}