Showing 1 - 3 of 3

CVE-2024-23651

Status Candidate

Overview

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

Related Files

Gentoo Linux Security Advisory 202409-29: Posted Sep 30, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202409-29 - Multiple vulnerabilities have been discovered in Docker, the worst of which could result in denial of service. Versions greater than or equal to 25.0.4 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2021-41089, CVE-2021-41091, CVE-2022-36109, CVE-2022-41717, CVE-2023-26054, CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2024-23650, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-24557; SHA-256 | c10f26c3dc36aa6b7ec55396a172baf10c09930304afdd388326b8cb450d34fd; Download | Favorite | View

Gentoo Linux Security Advisory 202407-25: Posted Jul 10, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-25 - Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.35.3 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2024-1753, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-24786; SHA-256 | 0793deb8132335b967a1d75288ab156d742b15aa3f18d3454f2dc00333d65d32; Download | Favorite | View

Gentoo Linux Security Advisory 202407-12: Posted Jul 5, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-12 - Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.9.4 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2021-4024, CVE-2022-2989, CVE-2023-0778, CVE-2023-48795, CVE-2024-1753, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-24786; SHA-256 | e22be2777c5a8df045a2ac435e9240d183f7077c82350996c1268173d0e34ce2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2024-23651

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems