Lucene search
Veracode Vulnerability DatabaseVERACODE:45293HistoryFeb 02, 2024 - 10:52 a.m.
Cache Poisoning
2024-02-0210:52:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
moby
cache poisoning
vulnerability
improper configuration
buildkit
docker
build api
Moby is vulnerable to Cache Poisoning. The vulnerability is due to improper cache configuration when the image is built FROM scratch. This issue can be exploited by an attacker to poison the cache and force a user to pull a specially crafted image. Note that 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint.
Related
cvelist
cvelist
CVE-2024-24557 Moby classic builder cache poisoning
2024-02-01 16:26:29
redos
redos
ROS-20240410-17
2024-04-10 00:00:00
osv
osv
Classic builder cache poisoning
2024-02-01 20:51:19
CVE-2024-24557
2024-02-01 17:15:10
cgr
cgr
CVE-2024-24557 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
prion
prion
Design/Logic Flaw
2024-02-01 17:15:00
alpinelinux
alpinelinux
CVE-2024-24557
2024-02-01 17:15:10
redhatcve
redhatcve
CVE-2024-24557
2024-02-02 01:11:19
debiancve
debiancve
CVE-2024-24557
2024-02-01 17:15:10
cve
cve
CVE-2024-24557
2024-02-01 17:15:10
ubuntucve
ubuntucve
CVE-2024-24557
2024-02-01 00:00:00
github
github
Classic builder cache poisoning
2024-02-01 20:51:19
wolfi
wolfi
CVE-2024-24557 vulnerabilities
2024-05-28 15:40:08
ibm
ibm
openvas
openvas
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1585)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1563)
2024-05-10 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
2024-05-09 00:00:00
Amazon Linux 2023 : docker (ALAS2023-2024-542)
2024-03-06 00:00:00
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
2024-05-09 00:00:00