Lucene search
K

6 matches found

CVE
CVE
added 2024/01/31 9:57 p.m.427 views

CVE-2024-23652

CVE-2024-23652 affects BuildKit, where a malicious BuildKit frontend or Dockerfile using RUN --mount could bypass the file-removal safeguards that delete empty files for mountpoints, potentially allowing removal of a host file from inside the container. The issue is fixed in BuildKit v0.12.5. Mit...

10CVSS9AI score0.02038EPSS
CVE
CVE
added 2024/01/31 10:3 p.m.426 views

CVE-2024-23653

CVE-2024-23653 involves BuildKit allowing a container with elevated privileges via interactive APIs unless entitlement checks are enforced. Description notes that privileged containers are normally gated by security.insecure entitlement and user authorization, and that the issue has been fixed in...

9.8CVSS9.3AI score0.02983EPSS
CVE
CVE
added 2024/01/31 9:49 p.m.423 views

CVE-2024-23651

CVE-2024-23651 relates to BuildKit, where two parallel build steps sharing the same cache mounts with subpaths can cause a race condition that exposes host files to the build container. Affected scope includes BuildKit components and related Docker/Moby tooling; multiple connected documents corro...

8.7CVSS7.4AI score0.00791EPSS
CVE
CVE
added 2024/01/31 9:42 p.m.362 views

CVE-2024-23650

CVE-2024-23650 affects BuildKit-related tooling across multiple ecosystems. According to connected documents, affected packages include moby-engine (<24.0.9-14), moby-compose (<2.17.3-5), docker-compose (<2.27.0-1), and docker-buildx (

5.3CVSS5.5AI score0.00957EPSS
CVE
CVE
added 2026/03/27 12:49 a.m.45 views

CVE-2026-33747

CVE-2026-33747 affects BuildKit prior to v0.28.1. When using a custom BuildKit frontend, an untrusted frontend can craft an API message to cause files to be written outside the BuildKit state directory for the execution context, potentially enabling local privilege escalation or unauthorized file...

9.8CVSS6AI score0.00498EPSS
CVE
CVE
added 2026/03/27 2:0 p.m.31 views

CVE-2026-33748

CVE-2026-33748 (BuildKit) : Prior to BuildKit 0.28.1, there was insufficient validation of Git URL fragment subdir components, which could allow access to files outside the checked-out Git repository root (limited to files on the same mounted filesystem). Red Hat advisories for OpenShift Service ...

8.2CVSS5.8AI score0.00463EPSS