moby/buildkit: Possible race condition with accessing subpaths from cache mounts

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...

CVE-2024-23650

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...

CVE-2024-23652

A vulnerability was found in the Moby Builder Toolkit, which arose from BuildKit's attempts to clean up temporarily added directories after use. A malicious BuildKit frontend or Dockerfile using RUN --mount could deceive the feature responsible for removing empty files created for the mount point...

CVE-2024-23653

A vulnerability was found in the Moby Builder Toolkit, specifically in the Interactive Containers API, where entitlement checks are not adequately validated, caused by a missing privilege check in a GRPC endpoint when called using a custom syntax format. This flaw allows the currently running...