13 matches found

EUVD
added 2025/10/03 8:7 p.m.; 2 views

EUVD-2025-8754

Malicious code in bioql PyPI...

CVSS: 6.9; AI score: 6.4; EPSS: 0.00121
Exploits: 0; References: 4
CVE
added 2025/03/31 3:21 p.m.; 48 views

CVE-2025-3048

CVE-2025-3048 concerns AWS SAM CLI. When building with Docker (--use-container) and symlinks are included, the content of those symlinks can be copied into the SAM CLI cache as regular files/directories, potentially exposing privileged host files to users within the local workspace. This affects ...

CVSS: 6.9; AI score: 6.7; EPSS: 0.00042
Exploits: 0; References: 3
NVD
added 2024/12/31 3:15 a.m.; 12 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

CVSS: 7.6; EPSS: 0.00508
Exploits: 0; References: 9
Prion
added 2024/12/31 3:15 a.m.; 5 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

CVSS: 7.6; EPSS: 0.00508
Exploits: 0; References: 2
Cvelist
added 2024/12/31 2:19 a.m.; 23 views

CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

CVSS: 7.6; EPSS: 0.00508
Exploits: 0; References: 9
Vulnrichment
added 2024/09/16 11:58 p.m.; 15 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS: 9.1; AI score: 8.1; EPSS: 0.00792
Exploits: 3; References: 10
Cvelist
added 2024/09/16 11:58 p.m.; 26 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS: 9.1; EPSS: 0.00792
Exploits: 3; References: 10
Tenable Nessus
added 2024/05/10 12:0 a.m.; 29 views

RHCOS 4 : OpenShift Container Platform 4.15.12 (RHSA-2024:2669)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2669 advisory. - buildah: full container escape at build time CVE-2024-1753 - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 -...

CVSS: 8.6; AI score: 6.8; EPSS: 0.04986
Exploits: 0; References: 8
Tenable Nessus
added 2024/04/30 12:0 a.m.; 28 views

SUSE SLES12 Security Update : docker (SUSE-SU-2024:1469-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1469-1 advisory. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two...

CVSS: 10; AI score: 6.9; EPSS: 0.10301
Exploits: 0; References: 11
RedHat Linux
added 2024/04/25 3:33 p.m.; 1 view

buildah: full container escape at build time

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

CVSS: 8.6; AI score: 6.9; EPSS: 0.00076
Exploits: 0; References: 7
CNNVD
added 2024/03/18 12:0 a.m.; 1 view

Buildah security breach

Buildah is a tool that supports building OCI container images. A security vulnerability exists in Buildah 1.35.0 and earlier versions that stems from allowing containers to mount arbitrary locations on the host filesystem into the build container...

CVSS: 8.6; AI score: 6.8; EPSS: 0.00076
Exploits: 0; References: 7
OSV
added 2024/02/13 6:23 p.m.; 24 views

GO-2024-2493 Host system file access in github.com/moby/buildkit

Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container...

CVSS: 8.7; AI score: 8.3; EPSS: 0.00548
Exploits: 0; References: 1
CNNVD
added 2021/02/02 12:0 a.m.; 4 views

Red Hat openshift4/ose-docker-builder security vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability in Red Hat openshift4/ose-docker-builder can be exploited by an attacker to gain access to this build...

CVSS: 8.8; AI score: 7.3; EPSS: 0.0053
Exploits: 0; References: 4