3.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-phhq-63jg-fp7r

EPSS Score

CWE

CWE-552

Published

7/9/2025

Updated

7/9/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-phhq-63jg-fp7r

GHSA-phhq-63jg-fp7r: Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background

The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by Kubernetes. However, containered implements the specified conversion logic and adds a mount point if there is none set by Kubernetes.

Unfortunately, the specification leaves it open whether the mount point is populated with any and what data, so the runtime needs to be able to push arbitrary data to the Kata agent. However, this is almost always not what the user wants:

A declared VOLUME location is usually important to the app's core functionality, which is usually at odds with the data in that location being untrusted.
VOLUME declarations are often used by image vendors to indicate "mount your persistence here" to the user. They are rarely useful without a real volume mounted there.

Impact

All of the following need to be true to be affected by this vulnerability:

A bare metal Contrast deployment (AKS is not affected).
An image with at least one VOLUME directive.
No Kubernetes mount at the path of the VOLUME.

If these are all true, the host is able to write arbitrary trees below that mount point.

Patches

Patched in v1.9.1 by disallowing this configuration in contrast generate.

Workarounds

Explicitly mount an emptyDir to all VOLUME locations. If the initial data in these locations is needed by the application, the image needs to be modified to remove the config.volumes entries.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-phhq-63jg-fp7r

GHSA-phhq-63jg-fp7r:

3.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-phhq-63jg-fp7r

EPSS Score

CWE

CWE-552

Published

7/9/2025

Updated

7/9/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/edgelesssys/contrast	go	< 1.9.1	1.9.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the genpolicy tool, which is part of the contrast project. Specifically, when a container image defined a VOLUME in its configuration and no corresponding volume mount was specified in the Kubernetes pod definition, genpolicy would automatically create a policy for a bind mount. This bind mount would map a directory from the host filesystem into the container at the path specified by the VOLUME directive. This behavior could be exploited by a malicious actor with control over the host to inject arbitrary files and directories into the container's filesystem, leading to a potential compromise of the containerized application.

The patch addresses this vulnerability by changing the behavior of the genpolicy tool. Instead of creating an implicit and potentially insecure bind mount, the updated code in yaml::get_container_mounts_and_storages now checks if every VOLUME declared in the image has a corresponding volume mount defined in the Kubernetes configuration. If any VOLUME is found without an explicit mount, the policy generation process will fail with a panic, forcing the user to explicitly configure a volume (e.g., an emptyDir) for that path. This change eliminates the possibility of the host injecting data through an implicitly created mount. The core vulnerable logic, which created the mount, was located in mount_and_storage::get_image_mount_and_storage, and this function was entirely removed by the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.5

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-phhq-63jg-fp7r: Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background

Impact

Patches

Workarounds

GHSA-phhq-63jg-fp7r:

3.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-phhq-63jg-fp7r: Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background

Impact

Patches

Workarounds

3.5

3.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI