CVE-2024-9341

Name: CVE-2024-9341
Creator: NVD / NIST
Published: 2024-10-01T19:15:09.5+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.2/10EPSS 0.98%

Last modified Jun 17, 2026

CVE-2024-9341 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. EPSS estimates a 0.98% chance of exploitation in the next 30 days.

Description

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Metrics

CVSS 3.1

8.2/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

EPSS Probability

0.98%

57.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-59

Affected Software

Vendor	Product	Versions
Containers	Common	All versions
Redhat	Openshift Container Platform	4.12
Redhat	Openshift Container Platform	4.13
Redhat	Openshift Container Platform	4.14
Redhat	Openshift Container Platform	4.15
Redhat	Openshift Container Platform	4.16
Redhat	Openshift Container Platform	4.17
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0

References

https://access.redhat.com/errata/RHSA-2024:10147
https://access.redhat.com/errata/RHSA-2024:10818
https://access.redhat.com/errata/RHSA-2024:7925Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8039Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8112Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8238Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8263Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8428Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8690Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8694Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8846Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9454Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9459Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-9341Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2315691Issue Tracking, Third Party Advisory
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169Product
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349Product

Timeline

Published: Oct 1, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-9341?

How severe is CVE-2024-9341?

CVE-2024-9341 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.98% probability of exploitation in the next 30 days.

How do I fix CVE-2024-9341?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-9341?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST