#VU86038 Incorrect authorization in BuildKit - CVE-2024-23653


Updated: 2024-12-19

Vulnerability identifier: #VU86038

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2024-23653

CWE-ID: CWE-863

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software: BuildKit (Universal components / Libraries / Software for developers)

Vendor: Moby project

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the interactive containers API does not validate the entitlements check. A remote attacker can use these APIs to ask BuildKit to run a container with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

BuildKit: 0.3.0 - 0.12.4


External links
http://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g
http://github.com/moby/buildkit/pull/4602
http://github.com/moby/buildkit/releases/tag/v0.12.5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

