CVE-2024-23652

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 31, 2024

Updated: Feb 9, 2024

CWE ID 22

Summary

CVE-2024-23652 is a vulnerability affecting BuildKit, a toolkit used for converting source code into build artifacts. Malicious BuildKit frontends or Dockerfiles that employ the RUN --mount feature can manipulate the tool into deleting a file from the host system, rather than just the container, due to a misfeature in file removal. BuildKit has issued a fix in v0.12.5. Users are advised to avoid utilizing untrusted BuildKit frontends or untrusted Dockerfiles containing the RUN --mount feature as a workaround.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uMv6cw
https://www.cve.org/CVERecord?id=CVE-2024-23652
https://nvd.nist.gov/vuln/detail/CVE-2024-23652

Back to Vulnerability Database

CVE-2024-23652

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations