CVE-2024-23653
CRITICAL9.8EPSS 10.3%Privilege escalation in github.com/moby/buildkit
Published: 1/31/2024Modified: 2/4/2026
Description
BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.
Affected packages (2)
- Go/github.com/moby/buildkitfrom 0, < 0.12.5
- Go/github.com/moby/buildkitfrom 0, < 0.12.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-23653
- PATCHhttps://github.com/moby/buildkit
- WEBhttps://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e
- WEBhttps://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e
- WEBhttps://github.com/moby/buildkit/pull/4602
- WEBhttps://github.com/moby/buildkit/releases/tag/v0.12.5
- WEBhttps://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g