[GO-2024-2497] Privilege escalation in github.com/moby/buildkit
Severity
Critical
Affected Packages
5
Fixed Packages
5
CVEs
1
BuildKit provides APIs for running interactive containers based on built images.
It was possible to use these APIs to ask BuildKit to run a container with
elevated privileges. Normally, running such containers is only allowed if
special security.insecure entitlement is enabled both by buildkitd configuration
and allowed by the user initializing the build request.
| Package | Affected Version |
|---|---|
 pkg:golang/github.com/moby/buildkit/solver/llbsolver
|
>= 0.12.4, < 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway/forwarder
|
>= 0.12.4, < 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway/container
|
>= 0.12.4, < 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway
|
>= 0.12.4, < 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/cmd/buildkitd
|
>= 0.12.4, < 0.12.5 |
| Package | Fixed Version |
|---|---|
|
pkg:golang/github.com/moby/buildkit/solver/llbsolver
|
= 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway/forwarder
|
= 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway/container
|
= 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/frontend/gateway
|
= 0.12.5 |
|
pkg:golang/github.com/moby/buildkit/cmd/buildkitd
|
= 0.12.5 |
- ID
- GO-2024-2497
- Severity
- critical
- Severity from
- CVE-2024-23653
- URL
- https://pkg.go.dev/vuln/GO-2024-2497
- Published
-
2024-02-06T22:17:51
(7 months ago) - Modified
-
2024-05-14T19:19:00
(4 months ago) - Other Advisories
ALPINE:CVE-2024-23653
GLSA-202407-12
SUSE-SU-2024:0586-1| Source | # ID | Name | URL |
|---|---|---|---|
| Security Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:golang/github.com/moby/buildkit/solver/llbsolver | github.com/moby/buildkit/solver |
llbsolver
|
= 0.12.5 | |||
| Affected | pkg:golang/github.com/moby/buildkit/solver/llbsolver | github.com/moby/buildkit/solver |
llbsolver
|
>= 0.12.4 < 0.12.5 | |||
| Fixed | pkg:golang/github.com/moby/buildkit/frontend/gateway/forwarder | github.com/moby/buildkit/frontend/gateway |
forwarder
|
= 0.12.5 | |||
| Affected | pkg:golang/github.com/moby/buildkit/frontend/gateway/forwarder | github.com/moby/buildkit/frontend/gateway |
forwarder
|
>= 0.12.4 < 0.12.5 | |||
| Fixed | pkg:golang/github.com/moby/buildkit/frontend/gateway/container | github.com/moby/buildkit/frontend/gateway |
container
|
= 0.12.5 | |||
| Affected | pkg:golang/github.com/moby/buildkit/frontend/gateway/container | github.com/moby/buildkit/frontend/gateway |
container
|
>= 0.12.4 < 0.12.5 | |||
| Fixed | pkg:golang/github.com/moby/buildkit/frontend/gateway | github.com/moby/buildkit/frontend |
gateway
|
= 0.12.5 | |||
| Affected | pkg:golang/github.com/moby/buildkit/frontend/gateway | github.com/moby/buildkit/frontend |
gateway
|
>= 0.12.4 < 0.12.5 | |||
| Fixed | pkg:golang/github.com/moby/buildkit/cmd/buildkitd | github.com/moby/buildkit/cmd |
buildkitd
|
= 0.12.5 | |||
| Affected | pkg:golang/github.com/moby/buildkit/cmd/buildkitd | github.com/moby/buildkit/cmd |
buildkitd
|
>= 0.12.4 < 0.12.5 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |