CVE-2024-24557
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:19:52.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "moby", "vendor": "moby", "versions": [ { "status": "affected", "version": "\u003e= 25.0.0, \u003c 25.0.2" }, { "status": "affected", "version": " \u003c 24.0.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T17:38:40.747Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" } ], "source": { "advisory": "GHSA-xw73-rw38-6vjc", "discovery": "UNKNOWN" }, "title": "Moby classic builder cache poisoning" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24557", "datePublished": "2024-02-01T16:26:29.685Z", "dateReserved": "2024-01-25T15:09:40.208Z", "dateUpdated": "2024-08-01T23:19:52.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": 
"{\"cve\":{\"id\":\"CVE-2024-24557\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-01T17:15:10.953\",\"lastModified\":\"2024-11-21T08:59:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.\"},{\"lang\":\"es\",\"value\":\"Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. 
Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"},{\"lang\":\"en\",\"value\":\"CWE-346\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\
":\"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.0.9\",\"matchCriteriaId\":\"8334C2EE-69C4-42D5-89C3-00C77A880F08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.0.0\",\"versionEndExcluding\":\"25.0.2\",\"matchCriteriaId\":\"D9331CA9-E92E-4D37-8C87-92F6D4418C4A\"}]}]}],\"references\":[{\"url\":\"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
gsd-2024-24557
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-24557" ], "details": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.", "id": "GSD-2024-24557", "modified": "2024-01-26T06:02:26.103598Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-24557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "moby", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 25.0.0, \u003c 25.0.2" }, { "version_affected": "=", "version_value": " \u003c 24.0.9" } ] } } ] }, "vendor_name": "moby" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. 
Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases." } ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-346", "lang": "eng", "value": "CWE-346: Origin Validation Error" } ] }, { "description": [ { "cweId": "CWE-345", "lang": "eng", "value": "CWE-345: Insufficient Verification of Data Authenticity" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc", "refsource": "MISC", "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae", "refsource": "MISC", "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" } ] }, "source": { "advisory": "GHSA-xw73-rw38-6vjc", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "8334C2EE-69C4-42D5-89C3-00C77A880F08", "versionEndExcluding": "24.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9331CA9-E92E-4D37-8C87-92F6D4418C4A", "versionEndExcluding": "25.0.2", "versionStartIncluding": "25.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases." }, { "lang": "es", "value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. 
Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2." } ], "id": "CVE-2024-24557", "lastModified": "2024-02-09T20:21:32.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-02-01T17:15:10.953", "references": [ { "source": "security-advisories@github.com", 
"tags": [ "Patch" ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-346" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-345" }, { "lang": "en", "value": "CWE-346" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
ghsa-xw73-rw38-6vjc
Vulnerability from github
The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`. Also, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.

An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.

For example, an attacker could create an image that is considered as a valid cache candidate for:

```
FROM scratch
MAINTAINER Pawel
```

when in fact the malicious image used as a cache would be an image built from a different Dockerfile.

In the second case, the attacker could for example substitute a different `HEALTHCHECK` command.

Impact

23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).

All users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.

The image build API endpoint (`/build`) and the `ImageBuild` function from `github.com/docker/docker/client` are also affected, as they use the classic builder by default.

Patches

Patches are included in Moby releases:

- v25.0.2
- v24.0.9
- v23.0.10

Workarounds

- Use `--no-cache`, or use Buildkit if possible (`DOCKER_BUILDKIT=1`; it is the default on 23.0+ assuming that the buildx plugin is installed).
- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for the `ImageBuild` call.
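The affected versions and the workaround conditions above can be turned into a fleet triage check. The following is an added example, not code from the Moby project or from the advisory: it encodes the releases from the Patches list and the two workaround conditions, and scans Dockerfile text for the instructions the advisory names (`FROM scratch`, `HEALTHCHECK`, `ONBUILD`). The host inventory and the Dockerfile are constructed sample data. Treating 23.0.10 as patched follows the Patches list; the OSV ranges on this page only name 24.0.9 and 25.0.2 as fixed, so that part is a reading of the advisory rather than record data.

```python
"""Exposure triage for the Moby classic-builder cache-poisoning advisory
(GHSA-xw73-rw38-6vjc / CVE-2024-24557).

Added example, not code from the Moby project or the advisory. It encodes the
patched releases and workaround conditions the advisory states and flags the
Dockerfile instructions it names. All sample inputs are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges derived from the advisory's Patches list (v23.0.10, v24.0.9,
# v25.0.2): [first release of the minor line, first patched release of it).
# Treating 23.0.10 as patched is a reading of the Patches list; the OSV ranges
# on the page only name 24.0.9 and 25.0.2 as fixed.
AFFECTED_RANGES = [
    ((0, 0, 0), (23, 0, 10)),
    ((24, 0, 0), (24, 0, 9)),
    ((25, 0, 0), (25, 0, 2)),
]

# Instructions the advisory calls out for the classic builder's cache matching.
DOCKERFILE_RISK = {
    "FROM scratch": re.compile(r"^\s*FROM\s+(?:--\S+\s+)*scratch\b", re.I | re.M),
    "HEALTHCHECK": re.compile(r"^\s*HEALTHCHECK\b", re.I | re.M),
    "ONBUILD": re.compile(r"^\s*ONBUILD\b", re.I | re.M),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'v25.0.1', '24.0.7' or '25.0.2-ce' into a comparable (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_affected(text: str) -> bool:
    """True when the daemon/library version predates the fix for its line."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def classic_builder_in_use(version: str, buildkit_env: Optional[str] = None,
                           via_build_api: bool = False,
                           api_builder_buildkit: bool = False) -> bool:
    """Decide whether a build would go through the vulnerable classic builder.

    /build and client.ImageBuild default to the classic builder unless the
    caller sets Version = types.BuilderBuildKit; the CLI defaults to BuildKit
    from 23.0 on unless DOCKER_BUILDKIT=0 is set.
    """
    if via_build_api:
        return not api_builder_buildkit
    if parse_version(version) < (23, 0, 0):
        return True
    return buildkit_env == "0"


def triage(version: str, buildkit_env: Optional[str] = None,
           via_build_api: bool = False, api_builder_buildkit: bool = False,
           no_cache: bool = False) -> str:
    """Collapse the advisory's conditions into one verdict string."""
    if not version_affected(version):
        return "patched"
    if not classic_builder_in_use(version, buildkit_env, via_build_api,
                                  api_builder_buildkit):
        return "not-exposed:buildkit"
    if no_cache:
        return "not-exposed:no-cache"
    return "exposed"


def risky_instructions(dockerfile: str) -> List[str]:
    """List which of the advisory's named instructions a Dockerfile contains."""
    return [name for name, rx in DOCKERFILE_RISK.items() if rx.search(dockerfile)]


# Constructed sample: the advisory's two-line Dockerfile plus a HEALTHCHECK.
SAMPLE_DOCKERFILE = """\
FROM scratch
MAINTAINER Pawel
COPY app /app
HEALTHCHECK CMD /app --healthy
"""

# Constructed inventory: (host, version, DOCKER_BUILDKIT value, builds via /build API)
SAMPLE_HOSTS = [
    ("ci-runner-1", "24.0.7", "0", False),
    ("ci-runner-2", "25.0.1", None, False),
    ("api-builder", "25.0.1", None, True),
    ("dev-laptop", "25.0.2", "0", False),
]


def report(hosts=SAMPLE_HOSTS, dockerfile=SAMPLE_DOCKERFILE) -> Dict[str, str]:
    """Verdict per host, printed alongside the Dockerfile instructions that matter."""
    findings = risky_instructions(dockerfile)
    verdicts = {}
    for host, version, bk_env, via_api in hosts:
        verdicts[host] = triage(version, bk_env, via_api)
        print(f"{host:12} {version:8} {verdicts[host]:22} dockerfile hits: {findings}")
    return verdicts


if __name__ == "__main__":
    report()
```

Feed `report()` the daemon version from `docker version` and the `DOCKER_BUILDKIT` value from each build environment; a host is only "exposed" when the version lacks the fix, the classic builder is selected and `--no-cache` / `NoCache` is not in use, which is exactly the combination the Impact and Workarounds sections describe.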
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/docker/docker" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "24.0.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/moby/moby" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "24.0.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/moby/moby" }, "ranges": [ { "events": [ { "introduced": "25.0.0" }, { "fixed": "25.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/docker/docker" }, "ranges": [ { "events": [ { "introduced": "25.0.0" }, { "fixed": "25.0.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-24557" ], "database_specific": { "cwe_ids": [ "CWE-345", "CWE-346" ], "github_reviewed": true, "github_reviewed_at": "2024-02-01T20:51:19Z", "nvd_published_at": "2024-02-01T17:15:10Z", "severity": "MODERATE" }, "details": "The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.\nAlso, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.\n\n\nAn attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.\n\nFor example, an attacker could create an image that is considered as a valid cache candidate for:\n```\nFROM scratch\nMAINTAINER Pawel\n```\n\nwhen in fact the malicious image used as a cache would be an image built from a different Dockerfile.\n\nIn the second case, the attacker could for example substitute a different `HEALTCHECK` command.\n\n\n### Impact\n\n23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).\n\nAll users on versions older than 23.0 
could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.\n\nImage build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` is also affected as it the uses classic builder by default. \n\n\n### Patches\n\nPatches are included in Moby releases:\n\n- v25.0.2\n- v24.0.9\n- v23.0.10\n\n### Workarounds\n\n- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it\u0027s default on 23.0+ assuming that the buildx plugin is installed).\n- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.\n\n", "id": "GHSA-xw73-rw38-6vjc", "modified": "2024-07-05T18:59:04Z", "published": "2024-02-01T20:51:19Z", "references": [ { "type": "WEB", "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557" }, { "type": "WEB", "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" }, { "type": "WEB", "url": "https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd" }, { "type": "WEB", "url": "https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff" }, { "type": "PACKAGE", "url": "https://github.com/moby/moby" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", "type": "CVSS_V3" } ], "summary": "Classic builder cache poisoning" }
fkie_cve-2024-24557
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vendor | Product | Version
---|---|---
mobyproject | moby | *
mobyproject | moby | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "8334C2EE-69C4-42D5-89C3-00C77A880F08", "versionEndExcluding": "24.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9331CA9-E92E-4D37-8C87-92F6D4418C4A", "versionEndExcluding": "25.0.2", "versionStartIncluding": "25.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases." }, { "lang": "es", "value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. 
Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2." } ], "id": "CVE-2024-24557", "lastModified": "2024-11-21T08:59:24.603", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-01T17:15:10.953", "references": [ { "source": "security-advisories@github.com", 
"tags": [ "Patch" ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-345" }, { "lang": "en", "value": "CWE-346" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-346" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
wid-sec-w-2024-0272
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Docker ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder Dateien zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0272 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0272.json" }, { "category": "self", "summary": "WID-SEC-2024-0272 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0272" }, { "category": "external", "summary": "Docker Security Advisory vom 2024-01-31", "url": "https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/" }, { "category": 
"external", "summary": "SUSE Security Update SUSE-SU-2024:0295-1 vom 2024-02-01", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017833.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0294-1 vom 2024-02-01", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017834.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-900DC7F6FF vom 2024-02-01", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-900dc7f6ff" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-9044C9EEFA vom 2024-02-01", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9044c9eefa" }, { "category": "external", "summary": "Debian Security Advisory DSA-5615 vom 2024-02-04", "url": "https://lists.debian.org/debian-security-announce/2024/msg00022.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0670 vom 2024-02-02", "url": "https://access.redhat.com/errata/RHSA-2024:0670" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-0670 vom 2024-02-06", "url": "http://linux.oracle.com/errata/ELSA-2024-0670.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0328-1 vom 2024-02-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017865.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0717 vom 2024-02-07", "url": "https://access.redhat.com/errata/RHSA-2024:0717" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0752 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0752" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0756 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0756" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0764 vom 2024-02-08", "url": 
"https://access.redhat.com/errata/RHSA-2024:0764" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0757 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0757" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0759 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0759" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0666 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0666" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0645 vom 2024-02-07", "url": "https://access.redhat.com/errata/RHSA-2024:0645" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0682 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0682" }, { "category": "external", "summary": "Docker Desktop release notes vom 2024-02-08", "url": "https://docs.docker.com/desktop/release-notes/#4272" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0760 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0760" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0662 vom 2024-02-07", "url": "https://access.redhat.com/errata/RHSA-2024:0662" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0748 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0748" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0758 vom 2024-02-08", "url": "https://access.redhat.com/errata/RHSA-2024:0758" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0755 vom 2024-02-09", "url": "https://access.redhat.com/errata/RHSA-2024:0755" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0684 vom 2024-02-09", "url": "https://access.redhat.com/errata/RHSA-2024:0684" }, { "category": "external", "summary": "Oracle Linux Security Advisory 
ELSA-2024-17931 vom 2024-02-10", "url": "https://linux.oracle.com/errata/ELSA-2024-17931.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12148 vom 2024-02-10", "url": "https://linux.oracle.com/errata/ELSA-2024-12148.html" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:0752 vom 2024-02-12", "url": "https://errata.build.resf.org/RLSA-2024:0752" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0459-1 vom 2024-02-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017910.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-0748 vom 2024-02-15", "url": "https://linux.oracle.com/errata/ELSA-2024-0748.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-0752 vom 2024-02-14", "url": "https://linux.oracle.com/errata/ELSA-2024-0752.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3735 vom 2024-02-19", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html" }, { "category": "external", "summary": "Palo Alto Networks Security Advisory PAN-SA-2024-0002 vom 2024-02-22", "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0002" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0586-1 vom 2024-02-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017990.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0587-1 vom 2024-02-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017989.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7201 vom 2024-02-28", "url": "https://access.redhat.com/errata/RHSA-2023:7201" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-039 vom 2024-03-06", "url": 
"https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-039.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASDOCKER-2024-039 vom 2024-03-06", "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-039.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1270 vom 2024-03-12", "url": "https://access.redhat.com/errata/RHSA-2024:1270" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0586-2 vom 2024-04-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018256.html" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-164 vom 2024-04-05", "url": "https://www.dell.com/support/kbdoc/000223801/dsa-2024-=" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1469-1 vom 2024-04-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018439.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2988" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202407-12 vom 2024-07-05", "url": "https://security.gentoo.org/glsa/202407-12" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202407-25 vom 2024-07-10", "url": "https://security.gentoo.org/glsa/202407-25" }, { "category": "external", "summary": "IBM Security Bulletin 7162077 vom 2024-07-31", "url": "https://www.ibm.com/support/pages/node/7162077" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2801-1 vom 2024-08-07", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019134.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2801-2 vom 2024-08-07", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2024-August/019136.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202408-25 vom 2024-08-11", "url": "https://security.gentoo.org/glsa/202408-25" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASDOCKER-2024-044 vom 2024-08-29", "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-044.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-045 vom 2024-08-29", "url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-045.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:3120-1 vom 2024-09-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019345.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASECS-2024-041 vom 2024-09-03", "url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-041.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202409-29 vom 2024-09-28", "url": "https://security.gentoo.org/glsa/202409-29" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2024-0282083260 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0282083260" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-1CAB90A9E7 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1cab90a9e7" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-28E375F8CA vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-28e375f8ca" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-1068D5C32B vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1068d5c32b" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-AFA796A751 vom 2024-10-19", "url": 
"https://bodhi.fedoraproject.org/updates/FEDORA-2024-afa796a751" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-EE9F0F22B6 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ee9f0f22b6" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-69528C0BA6 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-69528c0ba6" }, { "category": "external", "summary": "Brocade Security Advisory BSA-2024-2749 vom 2024-11-02", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25074" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-27", "url": "https://access.redhat.com/errata/RHSA-2024:10149" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10520 vom 2024-12-03", "url": "https://access.redhat.com/errata/RHSA-2024:10520" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10525 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10525" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10841 vom 2024-12-12", "url": "https://access.redhat.com/errata/RHSA-2024:10841" }, { "category": "external", "summary": "openSUSE Security Update OPENSUSE-SU-2024:14571-1 vom 2024-12-13", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6XZ7QNLFOMP7ZODQGCLQFRNRPEWZELNY/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:0115 vom 2025-01-14", "url": "https://access.redhat.com/errata/RHSA-2025:0115" } ], "source_lang": "en-US", "title": "docker: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-01-13T23:00:00.000+00:00", "generator": { "date": "2025-01-14T13:52:43.090+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-0272", "initial_release_date": 
"2024-01-31T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-31T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-02-01T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-02-04T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian und Red Hat aufgenommen" }, { "date": "2024-02-05T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2024-02-07T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-08T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-11T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-02-12T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-14T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-02-18T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-02-21T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Palo Alto Networks aufgenommen" }, { "date": "2024-02-22T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-27T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-03-05T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-03-12T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-04-04T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von SUSE und Dell aufgenommen" 
}, { "date": "2024-04-29T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-07-04T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-07-09T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-07-31T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-08-06T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-07T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-11T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-08-29T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-09-03T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von SUSE und Amazon aufgenommen" }, { "date": "2024-09-29T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-10-20T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-11-03T23:00:00.000+00:00", "number": "31", "summary": "Neue Updates von BROCADE aufgenommen" }, { "date": "2024-11-26T23:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-03T23:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-04T23:00:00.000+00:00", "number": "34", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-11T23:00:00.000+00:00", "number": "35", "summary": "Neue Updates von Red Hat 
aufgenommen" }, { "date": "2024-12-15T23:00:00.000+00:00", "number": "36", "summary": "Neue Updates von openSUSE aufgenommen" }, { "date": "2025-01-13T23:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "37" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2.3.1a", "product": { "name": "Broadcom Brocade SANnav \u003c2.3.1a", "product_id": "T038317" } }, { "category": "product_version", "name": "2.3.1a", "product": { "name": "Broadcom Brocade SANnav 2.3.1a", "product_id": "T038317-fixed", "product_identification_helper": { "cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a" } } } ], "category": "product_name", "name": "Brocade SANnav" } ], "category": "vendor", "name": "Broadcom" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c19.10.0.2", "product": { "name": "Dell NetWorker \u003c19.10.0.2", "product_id": "T033910" } }, { "category": "product_version", "name": "19.10.0.2", "product": { "name": "Dell NetWorker 19.10.0.2", "product_id": "T033910-fixed", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.10.0.2" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { 
"cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "runc \u003c1.1.12", "product": { "name": "Open Source docker runc \u003c1.1.12", "product_id": "T032453" } }, { "category": "product_version", "name": "runc 1.1.12", "product": { "name": "Open Source docker runc 1.1.12", "product_id": "T032453-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:runc__1.1.12" } } }, { "category": "product_version_range", "name": "BuildKit \u003c0.12.5", "product": { "name": "Open Source docker BuildKit \u003c0.12.5", "product_id": "T032454" } }, { "category": "product_version", "name": "BuildKit 0.12.5", "product": { "name": "Open Source docker BuildKit 0.12.5", "product_id": "T032454-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:buildkit__0.12.5" } } }, { "category": "product_version_range", "name": "Moby \u003c25.0.2", "product": { "name": "Open Source docker Moby \u003c25.0.2", "product_id": "T032455" } }, { "category": "product_version", "name": "Moby 25.0.2", "product": { "name": "Open Source docker Moby 25.0.2", "product_id": "T032455-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:moby__25.0.2" } } }, { "category": "product_version_range", "name": "Moby \u003c24.0.9", "product": { "name": "Open Source docker Moby \u003c24.0.9", "product_id": "T032456" } }, { "category": "product_version", "name": "Moby 24.0.9", "product": { "name": "Open Source docker Moby 24.0.9", "product_id": "T032456-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:moby__24.0.9" } } }, { "category": "product_version_range", "name": "Desktop 
\u003c4.27.1", "product": { "name": "Open Source docker Desktop \u003c4.27.1", "product_id": "T032457" } }, { "category": "product_version", "name": "Desktop 4.27.1", "product": { "name": "Open Source docker Desktop 4.27.1", "product_id": "T032457-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:desktop__4.27.1" } } }, { "category": "product_version_range", "name": "Desktop \u003c4.27.2", "product": { "name": "Open Source docker Desktop \u003c4.27.2", "product_id": "T032605" } }, { "category": "product_version", "name": "Desktop 4.27.2", "product": { "name": "Open Source docker Desktop 4.27.2", "product_id": "T032605-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:desktop__4.27.2" } } } ], "category": "product_name", "name": "docker" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "PaloAlto Networks Cortex XSOAR", "product": { "name": "PaloAlto Networks Cortex XSOAR", "product_id": "T033043", "product_identification_helper": { "cpe": "cpe:/a:paloaltonetworks:cortex_xsoar:-" } } } ], "category": "vendor", "name": "PaloAlto Networks" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Container Platform 
\u003c4.14.11", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.11", "product_id": "T032600" } }, { "category": "product_version", "name": "Container Platform 4.14.11", "product": { "name": "Red Hat OpenShift Container Platform 4.14.11", "product_id": "T032600-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.11" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.13.32", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.13.32", "product_id": "T032601" } }, { "category": "product_version", "name": "Container Platform 4.13.32", "product": { "name": "Red Hat OpenShift Container Platform 4.13.32", "product_id": "T032601-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.32" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.49", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.49", "product_id": "T032602" } }, { "category": "product_version", "name": "Container Platform 4.12.49", "product": { "name": "Red Hat OpenShift Container Platform 4.12.49", "product_id": "T032602-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.49" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.11.58", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.11.58", "product_id": "T032603" } }, { "category": "product_version", "name": "Container Platform 4.11.58", "product": { "name": "Red Hat OpenShift Container Platform 4.11.58", "product_id": "T032603-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.58" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": 
"T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } }, { "category": "product_name", "name": "SUSE openSUSE", "product": { "name": "SUSE openSUSE", "product_id": "T027843", "product_identification_helper": { "cpe": "cpe:/o:suse:opensuse:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der runc-Komponente aufgrund eines internen Dateideskriptor-Lecks, was zu mehreren potenziellen Sicherheitsproblemen f\u00fchrt, die eine vollst\u00e4ndige Kontrolle \u00fcber das Host-System erm\u00f6glichen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032600", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "T032453", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-21626" }, { "cve": "CVE-2024-23651", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente aufgrund eines Race-Condition-Problems, wenn Build-Schritte denselben Cache-Mount mit Unterpfaden teilen, was das Lesen von Dateien aus dem Host-System erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." 
} ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23651" }, { "cve": "CVE-2024-23652", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente aufgrund eines Pfad\u00fcberquerungsproblems, das es erm\u00f6glicht, eine Datei au\u00dferhalb des Containers aus dem Hostsystem zu entfernen. Ein entfernter, anonymer Angreifer kann eine Datei au\u00dferhalb des Containers entfernen, vom Host-System Dateien manipulieren." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23652" }, { "cve": "CVE-2024-23653", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente w\u00e4hrend der Handhabung von APIs zum Ausf\u00fchren von interaktiven Containern auf der Grundlage von erstellten Images, wodurch ein Container mit erh\u00f6hten Rechten ausgef\u00fchrt werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23653" }, { "cve": "CVE-2024-23650", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. 
Dieser Fehler besteht in der BuildKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Pr\u00fcfung auf ungew\u00f6hnliche oder au\u00dfergew\u00f6hnliche Bedingungen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23650" }, { "cve": "CVE-2024-24557", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der Komponente Moby (Docker Engine) aufgrund einer unzureichenden \u00dcberpr\u00fcfung der von Grund auf neu erstellten Images. Ein entfernter, anonymer Angreifer mit Kenntnis der Dockerdatei, die jemand verwendet, kann einen Cache-Poisoning-Angriff durchf\u00fchren und so die Sicherheitsma\u00dfnahmen umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032600", "T032455", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-24557" } ] }
"https://bodhi.fedoraproject.org/updates/FEDORA-2024-afa796a751" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-EE9F0F22B6 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ee9f0f22b6" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-69528C0BA6 vom 2024-10-19", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-69528c0ba6" }, { "category": "external", "summary": "Brocade Security Advisory BSA-2024-2749 vom 2024-11-02", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25074" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-27", "url": "https://access.redhat.com/errata/RHSA-2024:10149" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10520 vom 2024-12-03", "url": "https://access.redhat.com/errata/RHSA-2024:10520" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10525 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10525" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10841 vom 2024-12-12", "url": "https://access.redhat.com/errata/RHSA-2024:10841" }, { "category": "external", "summary": "openSUSE Security Update OPENSUSE-SU-2024:14571-1 vom 2024-12-13", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6XZ7QNLFOMP7ZODQGCLQFRNRPEWZELNY/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:0115 vom 2025-01-14", "url": "https://access.redhat.com/errata/RHSA-2025:0115" } ], "source_lang": "en-US", "title": "docker: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-01-13T23:00:00.000+00:00", "generator": { "date": "2025-01-14T13:52:43.090+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-0272", "initial_release_date": 
"2024-01-31T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-31T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-02-01T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-02-04T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian und Red Hat aufgenommen" }, { "date": "2024-02-05T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2024-02-07T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-08T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-11T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-02-12T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-14T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-02-18T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-02-21T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Palo Alto Networks aufgenommen" }, { "date": "2024-02-22T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-27T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-03-05T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-03-12T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-04-04T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von SUSE und Dell aufgenommen" 
}, { "date": "2024-04-29T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-07-04T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-07-09T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-07-31T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-08-06T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-07T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-08-11T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-08-29T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-09-03T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von SUSE und Amazon aufgenommen" }, { "date": "2024-09-29T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-10-20T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-11-03T23:00:00.000+00:00", "number": "31", "summary": "Neue Updates von BROCADE aufgenommen" }, { "date": "2024-11-26T23:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-03T23:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-04T23:00:00.000+00:00", "number": "34", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-11T23:00:00.000+00:00", "number": "35", "summary": "Neue Updates von Red Hat 
aufgenommen" }, { "date": "2024-12-15T23:00:00.000+00:00", "number": "36", "summary": "Neue Updates von openSUSE aufgenommen" }, { "date": "2025-01-13T23:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "37" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2.3.1a", "product": { "name": "Broadcom Brocade SANnav \u003c2.3.1a", "product_id": "T038317" } }, { "category": "product_version", "name": "2.3.1a", "product": { "name": "Broadcom Brocade SANnav 2.3.1a", "product_id": "T038317-fixed", "product_identification_helper": { "cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a" } } } ], "category": "product_name", "name": "Brocade SANnav" } ], "category": "vendor", "name": "Broadcom" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c19.10.0.2", "product": { "name": "Dell NetWorker \u003c19.10.0.2", "product_id": "T033910" } }, { "category": "product_version", "name": "19.10.0.2", "product": { "name": "Dell NetWorker 19.10.0.2", "product_id": "T033910-fixed", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.10.0.2" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { 
"cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "runc \u003c1.1.12", "product": { "name": "Open Source docker runc \u003c1.1.12", "product_id": "T032453" } }, { "category": "product_version", "name": "runc 1.1.12", "product": { "name": "Open Source docker runc 1.1.12", "product_id": "T032453-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:runc__1.1.12" } } }, { "category": "product_version_range", "name": "BuildKit \u003c0.12.5", "product": { "name": "Open Source docker BuildKit \u003c0.12.5", "product_id": "T032454" } }, { "category": "product_version", "name": "BuildKit 0.12.5", "product": { "name": "Open Source docker BuildKit 0.12.5", "product_id": "T032454-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:buildkit__0.12.5" } } }, { "category": "product_version_range", "name": "Moby \u003c25.0.2", "product": { "name": "Open Source docker Moby \u003c25.0.2", "product_id": "T032455" } }, { "category": "product_version", "name": "Moby 25.0.2", "product": { "name": "Open Source docker Moby 25.0.2", "product_id": "T032455-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:moby__25.0.2" } } }, { "category": "product_version_range", "name": "Moby \u003c24.0.9", "product": { "name": "Open Source docker Moby \u003c24.0.9", "product_id": "T032456" } }, { "category": "product_version", "name": "Moby 24.0.9", "product": { "name": "Open Source docker Moby 24.0.9", "product_id": "T032456-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:moby__24.0.9" } } }, { "category": "product_version_range", "name": "Desktop 
\u003c4.27.1", "product": { "name": "Open Source docker Desktop \u003c4.27.1", "product_id": "T032457" } }, { "category": "product_version", "name": "Desktop 4.27.1", "product": { "name": "Open Source docker Desktop 4.27.1", "product_id": "T032457-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:desktop__4.27.1" } } }, { "category": "product_version_range", "name": "Desktop \u003c4.27.2", "product": { "name": "Open Source docker Desktop \u003c4.27.2", "product_id": "T032605" } }, { "category": "product_version", "name": "Desktop 4.27.2", "product": { "name": "Open Source docker Desktop 4.27.2", "product_id": "T032605-fixed", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:desktop__4.27.2" } } } ], "category": "product_name", "name": "docker" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "PaloAlto Networks Cortex XSOAR", "product": { "name": "PaloAlto Networks Cortex XSOAR", "product_id": "T033043", "product_identification_helper": { "cpe": "cpe:/a:paloaltonetworks:cortex_xsoar:-" } } } ], "category": "vendor", "name": "PaloAlto Networks" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Container Platform 
\u003c4.14.11", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.11", "product_id": "T032600" } }, { "category": "product_version", "name": "Container Platform 4.14.11", "product": { "name": "Red Hat OpenShift Container Platform 4.14.11", "product_id": "T032600-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.11" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.13.32", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.13.32", "product_id": "T032601" } }, { "category": "product_version", "name": "Container Platform 4.13.32", "product": { "name": "Red Hat OpenShift Container Platform 4.13.32", "product_id": "T032601-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.32" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.49", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.49", "product_id": "T032602" } }, { "category": "product_version", "name": "Container Platform 4.12.49", "product": { "name": "Red Hat OpenShift Container Platform 4.12.49", "product_id": "T032602-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.49" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.11.58", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.11.58", "product_id": "T032603" } }, { "category": "product_version", "name": "Container Platform 4.11.58", "product": { "name": "Red Hat OpenShift Container Platform 4.11.58", "product_id": "T032603-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.58" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": 
"T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } }, { "category": "product_name", "name": "SUSE openSUSE", "product": { "name": "SUSE openSUSE", "product_id": "T027843", "product_identification_helper": { "cpe": "cpe:/o:suse:opensuse:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der runc-Komponente aufgrund eines internen Dateideskriptor-Lecks, was zu mehreren potenziellen Sicherheitsproblemen f\u00fchrt, die eine vollst\u00e4ndige Kontrolle \u00fcber das Host-System erm\u00f6glichen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032600", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "T032453", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-21626" }, { "cve": "CVE-2024-23651", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente aufgrund eines Race-Condition-Problems, wenn Build-Schritte denselben Cache-Mount mit Unterpfaden teilen, was das Lesen von Dateien aus dem Host-System erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." 
} ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23651" }, { "cve": "CVE-2024-23652", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente aufgrund eines Pfad\u00fcberquerungsproblems, das es erm\u00f6glicht, eine Datei au\u00dferhalb des Containers aus dem Hostsystem zu entfernen. Ein entfernter, anonymer Angreifer kann eine Datei au\u00dferhalb des Containers entfernen, vom Host-System Dateien manipulieren." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23652" }, { "cve": "CVE-2024-23653", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der BuildKit-Komponente w\u00e4hrend der Handhabung von APIs zum Ausf\u00fchren von interaktiven Containern auf der Grundlage von erstellten Images, wodurch ein Container mit erh\u00f6hten Rechten ausgef\u00fchrt werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23653" }, { "cve": "CVE-2024-23650", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. 
Dieser Fehler besteht in der BuildKit-Komponente aufgrund einer unsachgem\u00e4\u00dfen Pr\u00fcfung auf ungew\u00f6hnliche oder au\u00dfergew\u00f6hnliche Bedingungen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T032600", "T032454", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-23650" }, { "cve": "CVE-2024-24557", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Docker. Dieser Fehler besteht in der Komponente Moby (Docker Engine) aufgrund einer unzureichenden \u00dcberpr\u00fcfung der von Grund auf neu erstellten Images. Ein entfernter, anonymer Angreifer mit Kenntnis der Dockerdatei, die jemand verwendet, kann einen Cache-Poisoning-Angriff durchf\u00fchren und so die Sicherheitsma\u00dfnahmen umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032600", "T032455", "T032603", "T038317", "67646", "T032601", "T033910", "T032602", "T033043", "T012167", "T004914", "T032255", "74185", "2951", "T002207", "T027843", "398363", "T032605" ] }, "release_date": "2024-01-31T23:00:00.000+00:00", "title": "CVE-2024-24557" } ] }