CVE-2024-11218

8.6 HIGH

📋 TL;DR

This vulnerability in Podman and Buildah lets a malicious Containerfile escape the build container through a race condition that is reachable when the build runs stages concurrently (--jobs=2). Once out, the build can enumerate files and directories on the host. SELinux in enforcing mode restricts access to the contents of those files but does not stop the enumeration, so an attacker still learns the host's directory layout and which keys, tokens and configuration files exist. Anyone who uses Podman or Buildah to build Containerfiles they do not fully control (CI runners, shared build hosts) is affected.

💻 Affected Systems

Products:
  • Podman
  • Buildah
Versions: Affected and fixed versions are listed in the Red Hat advisory (see the vendor advisory link under Fix & Mitigation); this page does not carry version ranges.
Operating Systems: Linux distributions using Podman/Buildah
Default Config Vulnerable: ⚠️ Yes
Notes: Requires building a malicious Containerfile with --jobs=2, i.e. with concurrent stages; the default --jobs=1 builds stages serially. SELinux provides partial mitigation (it restricts access to host file contents) but does not prevent file enumeration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Escape from the build container to the host filesystem on a host without SELinux enforcing: host files readable, theft of whatever the build host holds (registry tokens, SSH keys, CI secrets) and lateral movement from the build host into the rest of the environment.

🟠

Likely Case

Host file enumeration allowing attackers to discover sensitive files, configuration data, and credentials stored on the host.

🟢

If Mitigated

Limited impact with SELinux enabled, though file enumeration remains possible even with SELinux protection.

🌐 Internet-Facing: MEDIUM - Container build processes are typically internal, but exposed build servers could be targeted.
🏢 Internal Only: HIGH - Internal attackers or compromised containers could exploit this to escalate privileges and access host resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to get a malicious Containerfile built with --jobs=2, for example through a CI pipeline that builds untrusted repositories with concurrent stages. Winning the race condition adds complexity, and no public proof of concept is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories for specific fixed versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:0830

Restart Required: No

Instructions:

1. Update Podman and Buildah to the patched versions via your package manager.
2. For RHEL 7: yum update podman buildah
3. For RHEL 8 and later, and for Fedora: dnf update podman buildah
4. Verify that the updated versions are installed (see How to Verify below).

🔧 Temporary Workarounds

Avoid concurrent build stages (--jobs=2)

Platform: all

Do not use --jobs=2 when building containers, as this is the value the advisory names. Any --jobs value other than 1 (including 0, which means unlimited) also runs stages concurrently, so treat every non-serial build the same way until the fix is installed. Build serially:

podman build --jobs=1
buildah build --jobs=1   (buildah bud is the older alias of buildah build)

Restrict container building privileges

Platform: all

Limit who can execute container builds and monitor build activities

🧯 If You Can't Patch

  • Disable or restrict container building capabilities for untrusted users
  • Implement strict monitoring of container build activities and audit logs

🔍 How to Verify

Check if Vulnerable:

Check Podman and Buildah versions against Red Hat advisories. Vulnerable if using affected versions and building containers with --jobs=2.

Check Version:

podman --version && buildah --version

Verify Fix Applied:

Confirm that the versions reported by podman --version and buildah --version are at or above the fixed versions in the Red Hat advisory for your distribution. A functional test would need a reproducer Containerfile, and none is public, so rely on the version comparison rather than on building with --jobs=2 and watching for host file enumeration.
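The version check above as a runnable script, added here as an example; it is not from the Red Hat advisory or from the Podman and Buildah projects. It parses the output format of podman --version and buildah --version (a line of the form "<tool> version X.Y.Z ...") and compares it against fixed versions you supply in the FIXED_PODMAN and FIXED_BUILDAH environment variables, taken from the advisory for your distribution. The script does not hard-code those versions because this page does not list them, and it assumes a sort that understands -V (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: compare installed Podman/Buildah versions against the fixed
# versions from the Red Hat advisory. Not vendor code. FIXED_PODMAN and
# FIXED_BUILDAH must be supplied by the caller (this page lists no fixed
# versions, so none are assumed here).

# version_ge HAVE NEED -> true when HAVE >= NEED under "sort -V" ordering
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# extract_version "podman version 5.3.1" -> 5.3.1
# Also handles "buildah version 1.38.0 (image-spec 1.1.0, runtime-spec 1.2.0)".
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version \([0-9][0-9.]*\).*/\1/p'
}

# installed_version TOOL -> version string, or empty if the tool is absent
installed_version() {
    command -v "$1" >/dev/null 2>&1 || return 0
    extract_version "$("$1" --version 2>/dev/null)"
}

# check_tool TOOL HAVE NEED -> 0 patched, 1 vulnerable, 2 not installed/unparsed
check_tool() {
    tool=$1 have=$2 need=$3
    if [ -z "$have" ]; then
        echo "$tool: not installed or version string not recognised"
        return 2
    fi
    if version_ge "$have" "$need"; then
        echo "$tool: $have >= $need (patched)"
        return 0
    fi
    echo "$tool: $have < $need (VULNERABLE to CVE-2024-11218, update)"
    return 1
}

# run_checks -> 0 only when neither tool is reported vulnerable or unknown
run_checks() {
    rc=0
    check_tool podman  "$(installed_version podman)"  "$FIXED_PODMAN"  || rc=1
    check_tool buildah "$(installed_version buildah)" "$FIXED_BUILDAH" || rc=1
    return $rc
}

# Usage: FIXED_PODMAN=<from advisory> FIXED_BUILDAH=<from advisory> sh check.sh
# Nothing runs unless both fixed versions are given.
if [ -n "${FIXED_PODMAN:-}" ] && [ -n "${FIXED_BUILDAH:-}" ]; then
    run_checks
fi
```

Run it on each build host with the fixed versions from the advisory; a non-zero exit means at least one tool is still vulnerable or could not be checked, which is the signal a fleet-wide inventory job should act on.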

📡 Detection & Monitoring

Log Indicators:

  • Container builds invoked with --jobs=2 (or any --jobs value other than 1) by users or pipelines that do not normally build concurrently
  • Multiple concurrent build processes from same user
  • Access to host paths from within container builds

Network Indicators:

  • Unusual outbound connections from build containers to sensitive internal systems

SIEM Query:

(container.runtime: podman OR container.runtime: buildah) AND event.action: build AND cmdline: *--jobs* AND NOT cmdline: *--jobs=1*

The page's narrower match on --jobs=2 misses other concurrent settings (--jobs=0 means unlimited) and the space-separated form --jobs 2; the field names above are generic and need mapping to your SIEM's schema.
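A small log filter for the indicator above, added as an example; it is not from any SIEM vendor or from the Podman project. It reads one process-execution record per line carrying a cmdline="..." field (a constructed format used for the sample below) and prints builds that run stages concurrently: podman build, buildah build or its buildah bud alias with any --jobs value other than 1, written either as --jobs=N or --jobs N. It deliberately widens the page's --jobs=2 match on the assumption that other concurrent values exercise the same racy path; that is an assumption of this example, not a statement from the advisory.

```shell
#!/bin/sh
# Added detection example, not vendor code. Flags Podman/Buildah builds that
# were started with more than one concurrent stage (--jobs other than 1).

# Matches "podman build", "buildah build" or "buildah bud" followed by
# --jobs=N or --jobs N where N is 0 (unlimited) or >= 2. A bare --jobs=1 or an
# absent --jobs (the default, serial build) is not matched.
BUILD_RE='(podman|buildah) .*(build|bud) .*--jobs[= ](0|[2-9]|[1-9][0-9]+)([ "]|$)'

# flag_concurrent_builds: stdin -> matching lines on stdout
# (no match is not an error; only a grep failure returns non-zero)
flag_concurrent_builds() {
    grep -E -e "$BUILD_RE" || [ $? -eq 1 ]
}

# Constructed sample records (not real logs). Expected hits: alice's --jobs=2,
# ci's "bud --jobs 4" and dev's --jobs=0. The serial builds and the
# "make --jobs=2" inside podman run are not concurrent image builds.
sample_log() {
    cat <<'EOF'
2025-01-22T10:01:02Z host=build01 user=alice cmdline="podman build --jobs=2 -t app:dev -f Containerfile ."
2025-01-22T10:02:10Z host=build01 user=bob cmdline="podman build -t app:ci ."
2025-01-22T10:03:45Z host=build02 user=ci cmdline="buildah bud --jobs 4 --layers -t app:ci ."
2025-01-22T10:04:00Z host=build02 user=ci cmdline="buildah build --jobs=1 -t app:ci ."
2025-01-22T10:05:30Z host=build03 user=dev cmdline="podman build --jobs=0 ."
2025-01-22T10:06:00Z host=build03 user=dev cmdline="podman run --rm alpine make --jobs=2"
EOF
}

# count_flagged -> number of sample records flagged
count_flagged() {
    sample_log | flag_concurrent_builds | wc -l | tr -d ' '
}

# Usage: sh detect_jobs.sh --demo
# or:    . ./detect_jobs.sh; your_exec_log_source | flag_concurrent_builds
if [ "${1:-}" = "--demo" ]; then
    sample_log | flag_concurrent_builds
fi
```

Feed it whatever produces one reconstructed command line per record; for auditd EXECVE events that means joining the argument fields first, since they arrive as separate a0, a1, ... values rather than one string. The pattern is a heuristic on the command line, so treat a hit as something to triage against the user and pipeline that ran it, not as proof of exploitation.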
