CVE-2024-23652

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
GitHub_MCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
mobyprojectbuildkit
𝑥
< 0.12.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
docker.io
plucky
needed
oracular
needed
noble
Fixed 20.10.25+dfsg1-2ubuntu1+esm2
released
mantic
ignored
jammy
Fixed 20.10.21-0ubuntu1~22.04.7+esm2
released
focal
Fixed 20.10.21-0ubuntu1~20.04.6+esm2
released
bionic
Fixed 20.10.21-0ubuntu1~18.04.3+esm3
released
xenial
ignored
trusty
ignored
docker.io-app
plucky
needed
oracular
needed
noble
needed
mantic
ignored
jammy
needed
focal
needed
bionic
dne
xenial
dne
trusty
ignored
Common Weakness Enumeration
References
https://github.com/moby/buildkit/pull/4603
https://github.com/moby/buildkit/releases/tag/v0.12.5
https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
https://github.com/moby/buildkit/pull/4603
https://github.com/moby/buildkit/releases/tag/v0.12.5
https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8