6 matches found
CVE-2024-23652
CVE-2024-23652 affects BuildKit, where a malicious BuildKit frontend or Dockerfile using RUN --mount could bypass the file-removal safeguards that delete empty files for mountpoints, potentially allowing removal of a host file from inside the container. The issue is fixed in BuildKit v0.12.5. Mit...
CVE-2024-23653
CVE-2024-23653 involves BuildKit allowing a container with elevated privileges via interactive APIs unless entitlement checks are enforced. Description notes that privileged containers are normally gated by security.insecure entitlement and user authorization, and that the issue has been fixed in...
CVE-2024-23651
CVE-2024-23651 relates to BuildKit, where two parallel build steps sharing the same cache mounts with subpaths can cause a race condition that exposes host files to the build container. Affected scope includes BuildKit components and related Docker/Moby tooling; multiple connected documents corro...
CVE-2024-23650
CVE-2024-23650 affects BuildKit-related tooling across multiple ecosystems. According to connected documents, affected packages include moby-engine (<24.0.9-14), moby-compose (<2.17.3-5), docker-compose (<2.27.0-1), and docker-buildx (
CVE-2026-33747
CVE-2026-33747 affects BuildKit prior to v0.28.1. When using a custom BuildKit frontend, an untrusted frontend can craft an API message to cause files to be written outside the BuildKit state directory for the execution context, potentially enabling local privilege escalation or unauthorized file...
CVE-2026-33748
CVE-2026-33748 (BuildKit) : Prior to BuildKit 0.28.1, there was insufficient validation of Git URL fragment subdir components, which could allow access to files outside the checked-out Git repository root (limited to files on the same mounted filesystem). Red Hat advisories for OpenShift Service ...