8 matches found

Snyk
added 2026/03/26 6:27 p.m. | 6 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2 | AI score 5.9 | EPSS 0.00463
Exploits 0 | References 3

IBM Security Bulletins
added 2024/09/18 8:3 p.m. | 25 views

Security Bulletin: Vulnerabilities in Moby BuildKit affect IBM watsonx.data

Summary: Moby BuildKit could allow a remote attacker to bypass security restrictions, allow a remote attacker to traverse directories on the system, or allow a remote attacker to gain elevated privileges on the system. These can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2024-23651...

CVSS 10 | AI score 8.9 | EPSS 0.02983
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/02/28 5:18 p.m. | 53 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1. Vulnerability Details: CVEID: CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...

CVSS 8.7 | AI score 9.7 | EPSS 0.76875
Exploits 19 | Affected Software 1

OSV
added 2024/02/13 6:23 p.m. | 25 views

GO-2024-2493 Host system file access in github.com/moby/buildkit

Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container...

CVSS 8.7 | AI score 8.3 | EPSS 0.00791
Exploits 0 | References 1

CISA
added 2024/02/01 12:0 p.m. | 12 views

Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components

Moby and the Open Container Initiative (OCI) have released updates for multiple vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626) affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take...

CVSS 10 | AI score 9.4 | EPSS 0.18087
Exploits 18 | References 7

Veracode
added 2024/02/01 8:3 a.m. | 29 views

Arbitrary File Deletion

github.com/moby/buildkit is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper path sanitization when a Dockerfile utilizes the RUN --mount feature. This feature is used to delete empty files which are created for mountpoints, but can be tricked into deleting arbitrary files...

CVSS 10 | AI score 6.8 | EPSS 0.02038
Exploits 0 | References 5 | Affected Software 5

OpenVAS
added 2022/07/18 12:0 a.m. | 20 views

Fedora: Security Advisory for golang-github-moby-buildkit (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 9.1 | EPSS 0.05994
Exploits 2 | References 2

RedhatCVE
added 2021/01/27 3:57 p.m. | 30 views

CVE-2020-27534

A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVSS 5.3 | AI score 4 | EPSS 0.01745
Exploits 0 | References 5