15 matches found
Azure Linux 3.0 Security Update: moby-engine (CVE-2024-36621)
The version of moby-engine installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36621 advisory. - moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The...
GO-2025-3414 Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah
Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah...
GHSA-5VPC-35F4-R8W6 Buildah allows build breakout using malicious Containerfiles and concurrent builds
Impact: With careful use of the --mount flag in RUN instructions in Containerfiles, and by using either multi-stage builds with use of concurrently-executing build stages (e.g., using the --jobs CLI flag) or multiple separate but concurrently-executing builds, a malicious Containerfile can be used t...
Buildah allows build breakout using malicious Containerfiles and concurrent builds
Impact: With careful use of the --mount flag in RUN instructions in Containerfiles, and by using either multi-stage builds with use of concurrently-executing build stages (e.g., using the --jobs CLI flag) or multiple separate but concurrently-executing builds, a malicious Containerfile can be used t...
Race Condition Vulnerability
github.com/moby/moby is vulnerable to a Race Condition. The vulnerability is due to improper synchronization in builder/builder-next/adapters/snapshot/layer.go within the EnsureLayer function, allowing concurrent builds to access shared resources without adequate safeguards, leading to resource...
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
...
SUSE CVE-2024-36621
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
Moby Race Condition vulnerability
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
GHSA-2MJ3-VFVX-FC43 Moby Race Condition vulnerability
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
CVE-2024-36621
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
DEBIAN-CVE-2024-36621
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
AZL-53810 CVE-2024-36621 affecting package moby-engine for versions less than 25.0.3-9
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
AZL-53813 CVE-2024-36621 affecting package moby-engine for versions less than 24.0.9-13
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
UBUNTU-CVE-2024-36621
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
PT-2023-24110 · Jenkins · Jenkins Pipeline: Job Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Job Plugin versions 1292.v27d8cc3e2602 and earlier Description: The Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site...