DirectorySecurity Advisories
Sign In
Security Advisories

CGA-rgpg-f9fq-2pv5

Published

Last updated

https://images.chainguard.dev/security/CGA-rgpg-f9fq-2pv5
Package

datadog-agent

Latest Update
Fixed
Fixed Version

7.50.3-r1

Aliases
  • CVE-2024-23651
  • GHSA-m3r6-h7wv-7xxv

Severity

8.7

High

CVSS V3

Summary

BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts

Description

Impact

Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

References

https://www.openwall.com/lists/oss-security/2019/05/28/1

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images