CGA-rpw2-9v92-4g7f

Published 11 months ago

Last updated 11 months ago

Package

datadog-agent

Latest Update
Fixed
Fixed Version

7.50.3-r1

Severity

10.0

Critical

CVSS V3

Summary

BuildKit vulnerable to possible host system access from mount stub cleaner

Description

Impact

A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.

References

Updates

Status
Fixed version
Impact
Updated
Fixed
7.50.3-r1
—

Feb 09, 2024

Under investigation
—
—

Feb 01, 2024

2 updates