Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2024-11218
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
| Software | From | Fixed in |
|---|---|---|
github.com/containers/buildah
|
1.38.0 | 1.38.1 |
|
github.com/containers/buildah
|
1.37.0 | 1.37.6 |
|
github.com/containers/buildah
|
1.35.0 | 1.35.5 |
|
github.com/containers/buildah
|
- | 1.33.12 |
- https://access.redhat.com/errata/RHSA-2025:0830
- https://access.redhat.com/errata/RHSA-2025:0878
- https://access.redhat.com/errata/RHSA-2025:0922
- https://access.redhat.com/errata/RHSA-2025:0923
- https://access.redhat.com/errata/RHSA-2025:1186
- https://access.redhat.com/errata/RHSA-2025:1187
- https://access.redhat.com/errata/RHSA-2025:1188
- https://access.redhat.com/errata/RHSA-2025:1189
- https://access.redhat.com/errata/RHSA-2025:1207
- https://access.redhat.com/errata/RHSA-2025:1275
- https://access.redhat.com/errata/RHSA-2025:1295
- https://access.redhat.com/errata/RHSA-2025:1296
- https://access.redhat.com/errata/RHSA-2025:1372
- https://access.redhat.com/errata/RHSA-2025:1453
- https://access.redhat.com/errata/RHSA-2025:1707
- https://access.redhat.com/errata/RHSA-2025:1713
- https://access.redhat.com/errata/RHSA-2025:1908
- https://access.redhat.com/errata/RHSA-2025:1910
- https://access.redhat.com/errata/RHSA-2025:1914
- https://access.redhat.com/errata/RHSA-2025:2441
- https://access.redhat.com/errata/RHSA-2025:2443
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2456
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/errata/RHSA-2025:2703
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:2712
- https://access.redhat.com/errata/RHSA-2025:3577
- https://access.redhat.com/errata/RHSA-2025:3798
- https://access.redhat.com/security/cve/CVE-2024-11218
- https://bugzilla.redhat.com/show_bug.cgi?id=2326231
- https://github.com/containers/buildah/pull/5918
- https://github.com/containers/buildah/security/advisories/GHSA-5vpc-35f4-r8w6
- https://issues.redhat.com/browse/RHEL-67616
- https://issues.redhat.com/browse/RHEL-67618
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime