8 matches found
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...
Security Bulletin: Vulnerabilities in Moby BuildKit affect IBM watsonx.data
Summary Moby BuildKit could allow a remote attacker to bypass security restrictions, allow a remote attacker to traverse directories on the system, or allow a remote attacker to gain elevated privileges on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2024-23651...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...
GO-2024-2493 Host system file access in github.com/moby/buildkit
Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container...
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and the Open Container Initiative OCI have released updates for multiple vulnerabilities CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take...
Arbitrary File Deletion
github.com/moby/buildkit is vulnerable to Arbitrary File Deletion. The vulnerability due to improper path sanitization when a dockerfile utilizes the RUN --mount feature. This feature is used to delete empty files which are created for mountpoints, but can be tricked into deleting arbitrary files...
Fedora: Security Advisory for golang-github-moby-buildkit (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-27534
A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...