GO-2024-2497
- Source
- https://pkg.go.dev/vuln/GO-2024-2497
- Import Source
- https://vuln.go.dev/ID/GO-2024-2497.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2497
- Aliases
- Published
- 2024-02-07T04:19:28Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Privilege escalation in github.com/moby/buildkit
- Details
-
BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2024-2497", "review_status": "REVIEWED" }- References
- Credits
-
-
- @rmcnamara-snyk
-
Affected packages
Go / github.com/moby/buildkit
Package
- Name
- github.com/moby/buildkit
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/moby/buildkit
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.12.5
Ecosystem specific
{
"imports": [
{
"symbols": [
"Solver.Solve",
"ValidateEntitlements",
"llbBridge.Exec",
"llbBridge.Run",
"provenanceBridge.Solve"
],
"path": "github.com/moby/buildkit/solver/llbsolver"
},
{
"symbols": [
"BridgeClient.NewContainer",
"GatewayForwarder.Solve",
"LLBBridgeToGatewayClient"
],
"path": "github.com/moby/buildkit/frontend/gateway/forwarder"
},
{
"symbols": [
"newController"
],
"path": "github.com/moby/buildkit/cmd/buildkitd"
},
{
"symbols": [
"NewContainer"
],
"path": "github.com/moby/buildkit/frontend/gateway/container"
},
{
"symbols": [
"NewBridgeForwarder",
"gatewayFrontend.Solve",
"llbBridgeForwarder.NewContainer",
"newBridgeForwarder",
"serveLLBBridgeForwarder"
],
"path": "github.com/moby/buildkit/frontend/gateway"
}
]
}