CVE-2024-23651

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Jan 31, 2024
Updated: Feb 9, 2024
CWE ID 362 (Concurrent Execution using Shared Resource with Improper Synchronization, i.e. a race condition)

Summary

CVE-2024-23651 is a race condition in BuildKit, the toolkit that converts source code (typically a Dockerfile) into build artifacts such as container images. Two malicious build steps running in parallel that share the same cache mount with overlapping subpaths can race each other so that files from the host system become accessible inside the build container. The issue is fixed in BuildKit v0.12.5. Where upgrading is not immediately possible, the advisory's workarounds are to avoid BuildKit frontends from untrusted sources and to avoid building untrusted Dockerfiles that contain cache mounts using the --mount=type=cache,source=... option.
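The two workaround conditions above are mechanically checkable before a build runs. The following is an added example written for this page, not BuildKit project code: it reports RUN cache mounts that set source= (the Dockerfile pattern the advisory singles out), surfaces the frontend image selected by a leading # syntax= parser directive so it can be compared against an allow-list, and compares a BuildKit version string with the fixed release v0.12.5. The sample Dockerfiles and all function names are constructed for illustration; the checks flag the preconditions named in the advisory and do not detect exploitation.

```python
# Added example for CVE-2024-23651 triage; not code from BuildKit or the advisory.
import re
from typing import Dict, Iterator, List, NamedTuple, Optional, Tuple

FIXED_VERSION = (0, 12, 5)  # first BuildKit release containing the fix

# Constructed sample Dockerfile mixing harmless and workaround-relevant
# mount forms, including a backslash-continued RUN instruction.
SAMPLE_DOCKERFILE = """\
FROM golang:1.21 AS build
WORKDIR /src
RUN --mount=type=cache,target=/go/pkg/mod go mod download
RUN --mount=type=cache,id=gomod,source=pkg/mod,target=/go/pkg/mod \\
    go build -o /out/app ./...
RUN --mount=type=cache,source=deps/sub,target=/deps/sub,sharing=shared echo hi
RUN --mount=type=bind,source=.,target=/src true
"""

# Constructed sample selecting a frontend image via a parser directive.
SAMPLE_WITH_FRONTEND = "# syntax=docker/dockerfile:1.6\nFROM alpine:3.19\nRUN true\n"


class CacheMountFinding(NamedTuple):
    line_no: int  # first physical line of the RUN instruction
    target: str
    source: str


def logical_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (start_line_no, instruction) with backslash continuations joined."""
    buf: List[str] = []
    start = 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf = []
    if buf:  # file ended inside a continuation
        yield start, " ".join(buf)


def parse_mount_options(spec: str) -> Dict[str, str]:
    """Split 'type=cache,source=x,target=/y,ro' into a dict (bare flags map to '').

    Simplification: BuildKit parses this as CSV, so quoted values containing
    commas are not handled here.
    """
    opts: Dict[str, str] = {}
    for part in spec.split(","):
        key, sep, val = part.partition("=")
        if key:
            opts[key.strip()] = val.strip() if sep else ""
    return opts


_MOUNT_RE = re.compile(r"--mount=(\S+)")


def find_cache_mounts_with_source(dockerfile: str) -> List[CacheMountFinding]:
    """Return every RUN cache mount that sets source=, the pattern the advisory names."""
    findings: List[CacheMountFinding] = []
    for line_no, line in logical_lines(dockerfile):
        words = line.split(None, 1)
        if not words or words[0].upper() != "RUN":
            continue
        for m in _MOUNT_RE.finditer(line):  # may also match text inside the command; acceptable for triage
            opts = parse_mount_options(m.group(1))
            if opts.get("type") == "cache" and "source" in opts:
                findings.append(CacheMountFinding(line_no, opts.get("target", ""), opts["source"]))
    return findings


_DIRECTIVE_RE = re.compile(r"^#\s*([A-Za-z]+)\s*=\s*(.+?)\s*$")


def frontend_image(dockerfile: str) -> Optional[str]:
    """Return the image named by a leading '# syntax=' parser directive, or None.

    That image is the BuildKit frontend that interprets the file, so an
    unexpected value here is what 'untrusted frontend' in the advisory means.
    BuildKit stops honouring directives at the first blank line, ordinary
    comment or instruction, so scanning stops there too.
    """
    for raw in dockerfile.splitlines():
        m = _DIRECTIVE_RE.match(raw.strip())
        if not m:
            break
        if m.group(1).lower() == "syntax":
            return m.group(2)
    return None


_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def buildkit_is_fixed(version: str) -> bool:
    """True if a BuildKit version string (e.g. 'v0.12.5') is v0.12.5 or later.

    A pre-release tag sorts below its final release: 'v0.12.5-rc1' is reported
    as not fixed, while 'v0.13.0-rc1' is.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised BuildKit version: {version!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1) >= FIXED_VERSION + (1,)


if __name__ == "__main__":
    for f in find_cache_mounts_with_source(SAMPLE_DOCKERFILE):
        print(f"line {f.line_no}: cache mount source={f.source!r} target={f.target!r}")
    print("frontend:", frontend_image(SAMPLE_WITH_FRONTEND))
    for v in ("v0.12.4", "v0.12.5", "v0.13.0-rc1"):
        print(v, "fixed" if buildkit_is_fixed(v) else "VULNERABLE")
```

On the sample, lines 4 and 6 are reported (line 3 is a cache mount without source=, line 7 is a bind mount), and the frontend check returns the image for an allow-list decision rather than judging trust itself. The version check is deliberately a pure function so it can be fed whatever version string your builder reports.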
