8.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
7 packages
- buildkit-nix
- buildkite-cli
- buildkite-agent
- buildkite-agent-metrics
- buildkite-test-collector-rust
- terraform-providers.buildkite
- terraform-providers.buildkite_buildkite
- @LeSuisse accepted
- @LeSuisse published on GitHub
BuildKit vulnerable to malicious frontend causing file escape outside of storage root
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.
References
- https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj x_refsource_CONFIRM
- https://github.com/moby/buildkit/releases/tag/v0.28.1 x_refsource_MISC
Affected products
- ==< 0.28.1
Matching in nixpkgs
Ignored packages (7)
pkgs.buildkit-nix
Nix frontend for BuildKit
pkgs.buildkite-cli
Command line interface for Buildkite
pkgs.buildkite-agent
Build runner for buildkite.com
pkgs.buildkite-agent-metrics
Command-line tool (and Lambda) for collecting Buildkite agent metrics
pkgs.buildkite-test-collector-rust
Rust adapter for Buildkite Test Analytics
pkgs.terraform-providers.buildkite
None
Package maintainers
-
@developer-guy Batuhan Apaydın <developerguyn@gmail.com>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>