CVE-2024-9341 MEDIUM

CVE-2024-9341: Podman: Buildah: CRI-O: FIPS crypto-policy directory mounting issue in containers/common Go library

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
Weakness: CWE-59
Published: October 1, 2024
Last update: March 19, 2026

CVSS base score

5.4/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Key dates

02 Disclosure timeline

October 1, 2024: CVE published
March 19, 2026: Record updated
