CVE-2024-23652

SOURCE - github

Summary

Impact

A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.

References

EPSS Score: 0.00054 (0.216)

Common Weakness Enumeration (CWE)

SOURCE - nist

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - github

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NIST

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.1critical

GitHub

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

10critical

Alpine

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.1medium

GoLang

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

GitLab

CREATED


UPDATED


SOURCE ID

CVE-2024-23652


EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

10critical

Amazon

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED


UPDATED



EXPLOITABILITY SCORE

1.0


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.4high

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-2cv7-75q6-cvrq


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-4v29-m22x-5m58


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-7vxc-hp2w-725j


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-7wr2-gxv6-5g96


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-9rhv-6x5x-p3wh


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-cf38-mj9p-m2h7


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-hqhv-f77r-cq7c


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-jh3p-vg64-hm2m


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-m737-5xv8-m883


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-mp67-g995-65f4


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-rpw2-9v92-4g7f


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-wgv3-9hrx-gj3g


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-x5pw-xwxw-p7jx


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-2cv7-75q6-cvrq


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-4v29-m22x-5m58


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-7wr2-gxv6-5g96


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-cf38-mj9p-m2h7


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-9rhv-6x5x-p3wh


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-hqhv-f77r-cq7c


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-jh3p-vg64-hm2m


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-m737-5xv8-m883


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-rpw2-9v92-4g7f


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-wgv3-9hrx-gj3g


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Wolfi

CREATED


UPDATED


SOURCE ID

CGA-x5pw-xwxw-p7jx


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE