CVE-2024-23653
Privilege escalation in github.com/moby/buildkit
9.8
CRITICAL
CVSS 3.1
EPSS 10.3%
Description
BuildKit provides APIs for running interactive containers based on built images (the container/exec APIs that a build frontend drives through the gateway). It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special `security.insecure` entitlement is both enabled in the buildkitd configuration and explicitly allowed by the user initiating the build request (for example with `buildctl build --allow security.insecure`); the flaw let a frontend bypass that two-sided gate. The vulnerability is fixed in v0.12.5. Until a daemon is upgraded, avoid building with BuildKit frontends from untrusted sources, since the frontend image (selected by a `# syntax=` line in the Dockerfile or the `--frontend` flag of `buildctl build`) is the code that issues these API calls.
How to fix CVE-2024-23653
To remediate CVE-2024-23653, upgrade the affected package to a fixed version below.
- github.com/moby/buildkit: upgrade to 0.12.5 or later (this covers both the Go module dependency and the buildkitd daemon or moby/buildkit image that runs it)
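The check a practitioner wants before and after the upgrade is twofold: is the running daemon in the affected range, and does its configuration grant `security.insecure` daemon-wide (the daemon-side half of the gate described above)? The script below is an added example, not BuildKit project code. It assumes that `buildkitd --version` prints a banner of the form `buildkitd github.com/moby/buildkit v0.12.4 <commit>` and that the daemon config uses the documented top-level `insecure-entitlements` key of buildkitd.toml; the two config files it inspects are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example (not BuildKit's own code): flag a buildkitd that is affected by
# CVE-2024-23653 (< 0.12.5) and a buildkitd.toml that opens security.insecure.
# Assumption: `buildkitd --version` prints
#   "buildkitd github.com/moby/buildkit v0.12.4 <commit>"

# buildkit_affected VERSION: exit 0 if VERSION < 0.12.5 (affected), 1 if fixed.
# Accepts "v0.12.4", "0.12.4", "0.12.5-rc1"; a pre-release of 0.12.5 is treated
# as affected because it predates the fix release.
buildkit_affected() {
  v=${1#v}
  case $v in
    *-*) pre=1 ;;
    *)   pre=0 ;;
  esac
  v=${v%%[-+]*}                  # strip pre-release / build-metadata suffix
  old_ifs=$IFS; IFS=.
  set -- $v                      # split into major minor patch
  IFS=$old_ifs
  major=${1:-0}; minor=${2:-0}; patch=${3:-0}
  [ "$major" -gt 0 ] && return 1
  [ "$minor" -gt 12 ] && return 1
  [ "$minor" -lt 12 ] && return 0
  [ "$patch" -lt 5 ] && return 0
  [ "$patch" -eq 5 ] && [ "$pre" -eq 1 ] && return 0
  return 1
}

# version_from_banner "LINE": print the vX.Y.Z token from the --version banner.
version_from_banner() {
  for tok in $1; do
    case $tok in
      v[0-9]*) printf '%s\n' "$tok"; return 0 ;;
    esac
  done
  return 1
}

# entitlement_granted CONFIG: exit 0 if buildkitd.toml lists security.insecure
# under insecure-entitlements on a single line (multi-line arrays are not parsed).
entitlement_granted() {
  [ -f "$1" ] && grep -Eq \
    '^[[:space:]]*insecure-entitlements[[:space:]]*=.*"security\.insecure"' "$1"
}

# Constructed sample configs (not from any real host) so the script runs offline.
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT
cat >"$WEAK_CFG" <<'EOF'
# buildkitd.toml: both entitlements opened for every client (weak)
insecure-entitlements = [ "network.host", "security.insecure" ]
[worker.oci]
  enabled = true
EOF
cat >"$HARDENED_CFG" <<'EOF'
# buildkitd.toml: no insecure entitlements granted (hardened)
[worker.oci]
  enabled = true
EOF

# report VERSION CONFIG: print the two findings for one daemon.
report() {
  if buildkit_affected "$1"; then
    printf 'buildkitd %s: AFFECTED by CVE-2024-23653, upgrade to 0.12.5 or later\n' "$1"
  else
    printf 'buildkitd %s: not affected\n' "$1"
  fi
  if entitlement_granted "$2"; then
    printf 'config %s: security.insecure granted daemon-wide; remove it unless a client truly needs it\n' "$2"
  fi
}

report "$(version_from_banner 'buildkitd github.com/moby/buildkit v0.12.4 0123abc')" "$WEAK_CFG"
report v0.12.5 "$HARDENED_CFG"

# Against a live host, if buildkitd is on PATH and the default config path exists.
if command -v buildkitd >/dev/null 2>&1; then
  report "$(version_from_banner "$(buildkitd --version)")" /etc/buildkit/buildkitd.toml
fi
```

Even on a fixed daemon, a daemon-wide `security.insecure` grant is worth removing: the entitlement is meant to be opened per build with `--allow security.insecure`, not for every client that can reach the socket.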
Is CVE-2024-23653 being exploited?
Moderate. EPSS is 10.3%, the estimated probability that this CVE is exploited in the wild within the next 30 days; that is higher than most CVEs score but does not by itself put it at the top of the prioritisation list. Weigh it against exposure: the CVSS vector assumes an unauthenticated network attacker, but in practice the attacker has to get the daemon to process a build that uses a frontend under their control (for example a Dockerfile `# syntax=` line pointing at an attacker-supplied image), so shared or CI-facing buildkitd instances that accept builds from many parties are the ones to patch first.
Affected packages (2)
- from 0, < 0.12.5
- from 0, < 0.12.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |