terrascan Fix Patched BuildKit vulnerable to possible host system access from mount stub cleaner

Fix Patched BuildKit vulnerable to possible host system access from mount stub cleaner

Open JOJOBET-DALTONLAR opened this issue 1 year ago • 1 comments

A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

CVE-2024-23652 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Feb 09 '24 22:02 JOJOBET-DALTONLAR

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

Feb 09 '24 22:02 sonarqubecloud[bot]

terrascan terrascan copied to clipboard

Fix Patched BuildKit vulnerable to possible host system access from mount stub cleaner

Quality Gate passed

terrascan
terrascan copied to clipboard