CVE-2024-9341 - Go FIPS Mode Symbolic Link Vulnerability

1 month ago 25
ARTICLE AD BOX
CVE ID : CVE-2024-9341
Published : Oct. 1, 2024, 7:15 p.m. | 24 minutes ago
Description : A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article