CVE-2024-23652

EUVD-2024-0254
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
GitHub_MCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
mobyprojectbuildkit
𝑥
< 0.12.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
docker.io
bionic
Fixed 20.10.21-0ubuntu1~18.04.3+esm3
released
focal
Fixed 20.10.21-0ubuntu1~20.04.6+esm2
released
jammy
Fixed 20.10.21-0ubuntu1~22.04.7+esm2
released
mantic
ignored
noble
Fixed 20.10.25+dfsg1-2ubuntu1+esm2
released
oracular
ignored
plucky
needed
questing
needed
trusty
ignored
xenial
ignored
docker.io-app
bionic
dne
focal
needed
jammy
Fixed 27.5.1-0ubuntu3~22.04.2
released
mantic
ignored
noble
Fixed 27.5.1-0ubuntu3~24.04.2
released
oracular
ignored
plucky
not-affected
questing
not-affected
trusty
ignored
xenial
dne
Common Weakness Enumeration
References
https://github.com/moby/buildkit/pull/4603
https://github.com/moby/buildkit/releases/tag/v0.12.5
https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
https://github.com/moby/buildkit/pull/4603
https://github.com/moby/buildkit/releases/tag/v0.12.5
https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8