Lucene search
K

39 matches found

RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.4 views

moby/buildkit: Possible race condition with accessing subpaths from cache mounts

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...

5.3CVSS7.1AI score0.00957EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/03/07 12:0 a.m.53 views

CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-23651)

The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23651 advisory. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and...

8.7CVSS6.8AI score0.00791EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/23 12:0 a.m.39 views

SUSE SLES12 Security Update : docker (SUSE-SU-2024:0587-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0587-1 advisory. Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on...

10CVSS7.2AI score0.02983EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2024/02/06 3:45 a.m.1 views

SUSE CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

7.4CVSS8AI score0.00791EPSS
Exploits0References14
Microsoft CVE
Microsoft CVE
added 2024/02/05 8:0 a.m.5 views

BuildKit possible race condition with accessing subpaths from cache mounts

...

8.7CVSS6.6AI score0.00791EPSS
Exploits0
Veracode
Veracode
added 2024/02/01 3:47 p.m.31 views

Race Condition

buildkit is vulnerable to a Race Condition. The vulnerability is caused when two malicious build steps are ran in parallel, sharing the same cache mounts with subpaths. This issue can be exploited by an attacker to access files on the host filesystem...

8.7CVSS6.6AI score0.00791EPSS
Exploits0References5Affected Software6
Github Security Blog
Github Security Blog
added 2024/01/31 10:43 p.m.29 views

BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts

Impact Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. Patches The issue has been fixed in v0.12.5 Workarounds Avoid using BuildKit frontend...

8.7CVSS6.8AI score0.00791EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/31 10:43 p.m.21 views

GHSA-M3R6-H7WV-7XXV BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts

Impact Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. Patches The issue has been fixed in v0.12.5 Workarounds Avoid using BuildKit frontend...

8.7CVSS8.3AI score0.00791EPSS
Exploits0References5
NVD
NVD
added 2024/01/31 10:15 p.m.25 views

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS8.9AI score0.00791EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 10:15 p.m.6 views

AZL-34085 CVE-2024-23651 affecting package moby-engine for versions less than 20.10.27-4

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

7.4CVSS6.8AI score0.00791EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/01/31 10:15 p.m.57 views

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References6
Prion
Prion
added 2024/01/31 10:15 p.m.22 views

Race condition

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

4CVSS8.5AI score0.00791EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/31 10:15 p.m.5 views

UBUNTU-CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS6.7AI score0.00791EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/01/31 9:49 p.m.3 views

CVE-2024-23651 BuildKit possible race condition with accessing subpaths from cache mounts

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/31 9:49 p.m.28 views

CVE-2024-23651 BuildKit possible race condition with accessing subpaths from cache mounts

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS8.7AI score0.00791EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 9:49 p.m.6 views

CVE-2024-23651 BuildKit possible race condition with accessing subpaths from cache mounts

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS6.5AI score0.00791EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2024/01/31 9:49 p.m.28 views

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS7.6AI score0.00791EPSS
Exploits0
Snyk
Snyk
added 2023/12/11 12:0 p.m.1 views

Race Condition (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Race Condition Leaky Vessels in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References2
Snyk
Snyk
added 2023/12/11 12:0 p.m.5 views

Race Condition (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Race Condition Leaky Vessels in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References2
Rows per page
Query Builder