20 matches found
ROS-20260430-73-0005
Vulnerability in buildkit related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2026-33747
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...
Linux Distros Unpatched Vulnerability : CVE-2026-33748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient...
CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...
CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...
CVE-2026-33747
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...
Linux Distros Unpatched Vulnerability : CVE-2026-33747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a...
EUVD-2026-16518
BuildKit's Malicious frontend can cause file escape outside of storage root...
PT-2026-28526
Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description Insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted...
PT-2026-28525
Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of...
EUVD-2023-1011
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23650
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend...
AZL-35010 CVE-2024-23652 affecting package moby-engine for versions less than 25.0.3-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...
UBUNTU-CVE-2024-23652
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...
CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-23652 BuildKit possible host system access from mount stub cleaner
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the...
PT-2024-1519 · Buildkit +3 · Buildkit +3
Name of the Vulnerable Software and Affected Versions: BuildKit versions prior to 0.12.5 Description: The issue is related to a race condition that can occur when two malicious build steps run in parallel, sharing the same cache mounts with subpaths. This can lead to files from the host system...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
PT-2023-20454 · Buildctl +2 · Buildctl +2
Name of the Vulnerable Software and Affected Versions: BuildKit versions v0.11.0 through v0.11.3 Description: The issue arises when a build request contains a Git URL with credentials and creates a provenance attestation describing the build. These credentials could be visible from the provenance...