How severe is CVE-2024-9407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-9407?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-9407 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

Related Vulnerabilities

CVE-2016-9263

MEDIUM

CVSS:4.7(Medium)

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained with...

CWE-202016

CVE-2017-0354

MEDIUM

CVSS:4.7(Medium)

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under...

CWE-202017

CVE-2017-15333

MEDIUM

CVSS:4.7(Medium)

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V...

CWE-202017

CVE-2017-15346

MEDIUM

CVSS:4.7(Medium)

CWE-202017

CVE-2017-18103

MEDIUM

CVSS:4.7(Medium)

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a c...

CWE-202017

CVE-2017-18430

MEDIUM

CVSS:4.7(Medium)

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).

CWE-202017