{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T18:27:11.236","vulnerabilities":[{"cve":{"id":"CVE-2024-9341","sourceIdentifier":"secalert@redhat.com","published":"2024-10-01T19:15:09.500","lastModified":"2024-12-11T04:15:06.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system."},{"lang":"es","value":"Se encontró una falla en Go. Cuando el modo FIPS está habilitado en un sistema, los entornos de ejecución de contenedores pueden manejar incorrectamente ciertas rutas de archivos debido a una validación incorrecta en los contenedores/librería Go común. Esta falla permite a un atacante explotar enlaces simbólicos y engañar al sistema para que monte directorios de host sensibles dentro de un contenedor. Este problema también permite a los atacantes acceder a archivos de host críticos, evadiendo el aislamiento previsto entre los contenedores y el sistema host."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:containers:common:*:*:*:*:*:go:*:*","matchCriteriaId":"A7F0EAB8-89A3-4A8D-91A5-70C74A8CC8B9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*","matchCriteriaId":"40449571-22F8-44FA-B57B-B43F71AB25E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*","matchCriteriaId":"1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*","matchCriteriaId":"486B3F69-1551-4F8B-B25B-A5864248811B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*","matchCriteriaId":"4716808D-67EB-4E14-9910-B248A500FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*","matchCriteriaId":"0EBB38E1-4161-402D-8A37-74D92891AAC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*","matchCriteriaId":"F4B66318-326A-43E4-AF14-015768296E4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","matchCriteriaId":"053C1B35-3869-41C2-9551-044182DE0A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10147","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10818","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:7925","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8039","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8112","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8238","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8263","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8428","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8690","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8694","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:8846","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:9454","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:9459","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-9341","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315691","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169","source":"secalert@redhat.com","tags":["Product"]},{"url":"https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349","source":"secalert@redhat.com","tags":["Product"]}]}}]}