AZL-34086 CVE-2024-23652 affecting package moby-engine for versions less than 20.10.27-4

🗓️ 31 Jan 2024 22:15:54Reported by GoogleType

osv🔗 osv.dev👁 2 Views

AZL-34086 CVE-2024-23652 affects moby-engine before 20.10.27-4. BuildKit RUN --mount could delete a host file; fixed in v0.12.5. Avoid untrusted frontends.

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	30 Sep 202416:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert Software is vulnerable to multiple issues	22 Aug 202417:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Moby BuildKit affect IBM watsonx.data	18 Sep 202420:03	–	ibm
Tenable Nessus	Amazon Linux 2023 : docker (ALAS2023-2024-542)	6 Mar 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASDOCKER-2024-044)	29 Aug 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASECS-2024-041)	5 Sep 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)	29 Aug 202400:00	–	nessus
Tenable Nessus	Docker Desktop < 4.27.1 Multiple Vulnerabilities	9 Feb 202400:00	–	nessus
Tenable Nessus	GLSA-202407-12 : podman: Multiple Vulnerabilities	5 Jul 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-23652

21 Apr 2026 04:27Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.19.1

EPSS0.05701