CVE-2024-23651

SOURCE - github

Summary

Impact

Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

References

https://www.openwall.com/lists/oss-security/2019/05/28/1

EPSS Score: 0.00067 (0.294)

Common Weakness Enumeration (CWE)

SOURCE - nist

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

SOURCE - github

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


NIST

CREATED


UPDATED



EXPLOITABILITY SCORE

2.2


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.4high

GitHub

CREATED


UPDATED



EXPLOITABILITY SCORE

2.2


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.7high

Alpine

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

2.2


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.4medium

GoLang

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

GitLab

CREATED


UPDATED


SOURCE ID

CVE-2024-23651


EXPLOITABILITY SCORE

2.2


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.7high

Amazon

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED


UPDATED



EXPLOITABILITY SCORE

1.1


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-2pf6-mcw3-86w8


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-35v4-4g89-c7vg


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-5r59-v4x3-mcq8


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-7x8v-47c7-r9j5


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-8v8h-vjwp-w2q2


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-9qpq-5hvj-539p


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-cfmq-73h4-8888


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-hpfp-4ff7-27r4


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-m4g3-g2h3-p3rq


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-v5x3-4vp7-q26m


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-rgpg-f9fq-2pv5


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-wmg5-h8w8-cvgm


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-xv2h-pv92-v4rc


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-35v4-4g89-c7vg


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-2pf6-mcw3-86w8


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-5r59-v4x3-mcq8


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-9qpq-5hvj-539p


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-cfmq-73h4-8888


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-hpfp-4ff7-27r4


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-m4g3-g2h3-p3rq


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-v5x3-4vp7-q26m


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-rgpg-f9fq-2pv5


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-wmg5-h8w8-cvgm


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-xv2h-pv92-v4rc


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE