CVE-2024-9341

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-59
View all →

Vulnerability Description

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Related Vulnerabilities

CVE-2011-1408

HIGH
CVSS:8.2(High)

ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.

CWE-592011

CVE-2018-1630

HIGH
CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-F...

CWE-592018

CVE-2018-1631

HIGH
CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohas...

CWE-592018

CVE-2018-1632

HIGH
CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM ...

CWE-592018

CVE-2018-1633

HIGH
CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X...

CWE-592018

CVE-2018-1634

HIGH
CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERN...

CWE-592018