A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
History

Wed, 11 Dec 2024 04:00:00 +0000

Type Values Removed Values Added
References

Tue, 26 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
References

Fri, 22 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Containers
Containers common
Redhat openshift Container Platform
CPEs cpe:2.3:a:containers:common:*:*:*:*:*:go:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Containers
Containers common
Redhat openshift Container Platform

Tue, 12 Nov 2024 17:45:00 +0000


Thu, 07 Nov 2024 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Ironic
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift:4.12::el9
cpe:/a:redhat:openshift_ironic:4.12::el9
Vendors & Products Redhat openshift Ironic
References

Wed, 06 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8
cpe:/a:redhat:openshift:4.13::el9
References

Wed, 06 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Tue, 05 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Thu, 31 Oct 2024 05:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:openshift:4.15::el9
References

Thu, 24 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el8
cpe:/a:redhat:openshift:4.16::el9
References

Wed, 23 Oct 2024 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
cpe:/a:redhat:openshift:4.14::el9
References

Wed, 16 Oct 2024 00:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el8
cpe:/a:redhat:openshift:4.17::el9
References

Tue, 15 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Tue, 15 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Mon, 14 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 02 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 01 Oct 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Oct 2024 19:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Title Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-59
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-01T18:52:00.686Z

Updated: 2024-12-18T04:12:39.615Z

Reserved: 2024-09-30T15:19:22.496Z

Link: CVE-2024-9341

cve-icon Vulnrichment

Updated: 2024-10-01T19:23:33.089Z

cve-icon NVD

Status : Modified

Published: 2024-10-01T19:15:09.500

Modified: 2024-12-11T04:15:06.090

Link: CVE-2024-9341

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-01T15:45:00Z

Links: CVE-2024-9341 - Bugzilla