GHSA-pmf3-c36m-g5cf: Container escape at build time

March 19, 2024

Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed.

References

github.com/advisories/GHSA-pmf3-c36m-g5cf
github.com/containers/buildah
github.com/containers/buildah/commit/9de9c20ff368beb84b84fe660773d352519dc1c5
github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf

Detect and mitigate GHSA-pmf3-c36m-g5cf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →