Listen to this Post
The vulnerability exists within the `podman build` command’s handling of the `RUN –mount=type=bind` instruction. During the image build process, a temporary directory is created on the host to serve as the build context. When a bind mount is used within a RUN instruction, any files created or modified by that command within the mounted directory are not properly isolated. Instead of being discarded or contained solely within the temporary container’s filesystem, these changes are inadvertently committed back to the host’s temporary build context directory. This flaw occurs due to incorrect handling of file system layers and mount propagation, leaving sensitive files, which should be ephemeral, with insecure permissions on the host machine, accessible to other users and processes.
Platform: Podman
Version: Up to 4.x
Vulnerability: Insecure Permissions
Severity: High
date: 2025-09-16
Prediction: Patch by 2025-10-14
What Undercode Say:
`podman build -f Containerfile .`
`ls -la /tmp/podman-build-/`
`cat /tmp/podman-build-xyz789/mounted-data/secret.key`
How Exploit:
Attacker crafts a malicious Containerfile with a RUN instruction that uses a bind mount to write a file during build. The resulting file is not discarded and remains on the host in the temporary directory, which may have overly permissive permissions, allowing unauthorized read access.
Protection from this CVE:
Update Podman.
Audit build hosts.
Secure /tmp directories.
Impact:
Information Disclosure
Local Privilege Escalation
Host Filesystem Contamination
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

