10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.8%
BuildKit is a toolkit for converting source code to build artifacts in an
efficient, expressive and repeatable manner. A malicious BuildKit frontend
or Dockerfile using RUN --mount could trick the feature that removes empty
files created for the mountpoints into removing a file outside the
container, from the host system. The issue has been fixed in v0.12.5.
Workarounds include avoiding using BuildKit frontends from an untrusted
source or building an untrusted Dockerfile containing RUN --mount feature.
Author | Note |
---|---|
alexmurray | Traditionally the docker.io source package contained both the library and docker application. However, in releases that contain the docker.io-app source package, the docker.io source package contains only the library whilst the docker application itself is contained in the docker.io-app package. |
sbeattie | docker packages contain an embedded copy of github:moby/buildkit |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | docker.io | < any | UNKNOWN |
ubuntu | 20.04 | noarch | docker.io | < any | UNKNOWN |
ubuntu | 22.04 | noarch | docker.io | < any | UNKNOWN |
ubuntu | 23.10 | noarch | docker.io | < any | UNKNOWN |
ubuntu | 24.04 | noarch | docker.io | < any | UNKNOWN |
ubuntu | 20.04 | noarch | docker.io-app | < any | UNKNOWN |
ubuntu | 22.04 | noarch | docker.io-app | < any | UNKNOWN |
ubuntu | 23.10 | noarch | docker.io-app | < any | UNKNOWN |
ubuntu | 24.04 | noarch | docker.io-app | < any | UNKNOWN |
github.com/moby/buildkit/pull/4603
github.com/moby/buildkit/releases/tag/v0.12.5
github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
launchpad.net/bugs/cve/CVE-2024-23652
nvd.nist.gov/vuln/detail/CVE-2024-23652
security-tracker.debian.org/tracker/CVE-2024-23652
www.cve.org/CVERecord?id=CVE-2024-23652
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.8%