9 matches found
[SECURITY] Fedora 41 Update: docker-buildx-0.30.1-1.fc41
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 42 Update: docker-buildx-0.30.1-1.fc42
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 41 Update: docker-buildx-0.29.1-1.fc41
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 41 Update: docker-buildx-0.27.0-1.fc41
Docker CLI plugin for extended build capabilities with BuildKit...
ROS-20250515-04
The vulnerability of the docker CLI plugin that extends Buildx build capabilities is related to the fact that the software stores sensitive information in log files. software stores sensitive information in log files. Exploiting the vulnerability could allow an attacker to gain access to sensitiv...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
CVE-2025-0495 affects docker-buildx/moby-buildx (Buildx) where credentials set as attribute values in cache-to/cache-from can be captured by OpenTelemetry traces and BuildKit history. Exploitation status is not detailed in the provided sources. The vulnerability does not apply to secrets passed v...