CVE-2024-23652

BuildKit possible host system access from mount stub cleaner

CVSS 10 CRITICAL · EPSS 2.0% · CWE-22
In short

BuildKit, a container build tool, has a critical vulnerability where a malicious build configuration can trick the cleanup process into deleting files on the host system instead of just inside the container. This allows attackers to destroy important host files if they can control the Dockerfile or build frontend.

Technical detail

CWE-22 path traversal vulnerability in BuildKit's mount stub cleaner: a malicious Dockerfile or frontend using RUN --mount can exploit the post-build cleanup mechanism to delete arbitrary files on the host filesystem. Exploitation requires the attacker to supply or control the Dockerfile or BuildKit frontend; impact is unrestricted host file deletion with the privileges of the BuildKit process.

Summary generated and translated by AI from the official description.
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Affected products
moby · buildkit
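A defender-side check for the two conditions named in the description, a builder older than v0.12.5 and a Dockerfile that uses RUN --mount. This is an added example, not code from the advisory or from the BuildKit project; the function names and the sample Dockerfile are constructed for illustration, and the parser assumes the default backslash escape character.

```python
import re

FIXED = (0, 12, 5)  # first fixed BuildKit release, per the description above
RUN_MOUNT = re.compile(r"\s*(ONBUILD\s+)?RUN\s+(--\S+\s+)*--mount\b", re.IGNORECASE)

def is_fixed(version_text):
    """True if a version string such as 'v0.12.4' is at or above v0.12.5."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    return tuple(int(p) for p in m.groups()) >= FIXED

def run_mount_lines(dockerfile_text):
    """Return the 1-based starting lines of RUN instructions that use --mount."""
    hits, buf, start = [], "", None
    for no, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are ignored, even inside a continuation
        if start is None:
            start = no
        buf += " " + line.rstrip("\\")
        if line.endswith("\\"):
            continue  # instruction continues on the next line
        if RUN_MOUNT.match(buf):
            hits.append(start)
        buf, start = "", None
    if start is not None and RUN_MOUNT.match(buf):
        hits.append(start)  # file ended in the middle of a continuation
    return hits

def assess(version_text, dockerfile_text):
    """Combine both checks: an unpatched builder plus RUN --mount needs review."""
    lines = run_mount_lines(dockerfile_text)
    fixed = is_fixed(version_text)
    return {"fixed": fixed, "run_mount_lines": lines,
            "review_needed": bool(lines) and not fixed}

# Constructed sample Dockerfile (not taken from any real project).
SAMPLE = r"""# syntax=docker/dockerfile:1
FROM alpine:3.19
RUN echo --mount is just text here
RUN --network=none \
    # comment inside a continuation
    --mount=type=cache,target=/root/.cache \
    make build
run --mount=type=bind,source=.,target=/src ls /src
"""

if __name__ == "__main__":
    print(assess("v0.12.4", SAMPLE))
```

The scan covers only the Dockerfile path; a frontend pulled in through a `# syntax=` line from an untrusted source is the other vector the description names and has to be reviewed separately.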