PT-2024-1517 · BuildKit+4

Rmcnamara-Snyk · Published 2024-01-31 · Updated 2026-05-18 · CVE-2024-23652

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BuildKit versions prior to 0.12.5

Description

A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue is an improper limitation of a pathname to a restricted directory (path traversal), which may allow a remote attacker to delete arbitrary files outside the container.

Recommendations

For versions prior to 0.12.5, update to version 0.12.5 to resolve the issue. As a temporary workaround, avoid using BuildKit frontends from untrusted sources and avoid building untrusted Dockerfiles that use the RUN --mount feature.
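
A triage aid for the workaround above, as an added example that is not part of the advisory or of BuildKit: it flags RUN instructions that carry a --mount flag in a Dockerfile awaiting review, and checks whether a builder version predates 0.12.5. The function names and the sample Dockerfile are assumptions constructed for illustration.

```python
import re
FIXED = (0, 12, 5)  # first fixed BuildKit release named in the advisory

def is_vulnerable(version):
    """True when a BuildKit version such as 'v0.12.4' predates 0.12.5."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(map(int, m.groups())) < FIXED

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside a continuation
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield start, buf + line
            buf = ""
    if buf.strip():
        yield start, buf.strip()

def find_run_mounts(dockerfile):
    """Return [(line_no, instruction)] for each RUN carrying a --mount flag."""
    hits = []
    for no, instr in logical_lines(dockerfile):
        parts = instr.split()
        if parts[0].upper() != "RUN":
            continue
        for tok in parts[1:]:
            if not tok.startswith("--"):
                break  # flags end where the command begins
            if tok == "--mount" or tok.startswith("--mount="):
                hits.append((no, instr))
                break
    return hits

# Constructed sample Dockerfile (not taken from the advisory).
SAMPLE = """\
FROM alpine:3.19
RUN echo "--mount is only text here"
RUN --network=none \\
    --mount=type=cache,target=/var/cache/apk apk add --no-cache curl
run --mount=type=bind,source=.,target=/src ls /src
"""
```

The scan assumes the default backslash escape character and does not interpret heredoc bodies, so treat each hit as a candidate for manual review.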

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

AZL-34086
AZL-35010
BDU:2024-01029
CLEANSTART-2026-BK59402
CLEANSTART-2026-BN11148
CLEANSTART-2026-GY69323
CLEANSTART-2026-HI89495
CLEANSTART-2026-HL71566
CLEANSTART-2026-JD48541
CLEANSTART-2026-OS18490
CLEANSTART-2026-SB85645
CLEANSTART-2026-SP51034
CLEANSTART-2026-TD34476
CLEANSTART-2026-XL45869
CLEANSTART-2026-YB44027
CLEANSTART-2026-ZM20570
CVE-2024-23652
GHSA-4V98-7QMW-RQR8
GO-2024-2494
OPENSUSE-SU-2024:13651-1
OPENSUSE-SU-2024:13689-1
OPENSUSE-SU-2024:14059-1
OPENSUSE-SU-2024_3120-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2024:0586-1
SUSE-SU-2024:0586-2
SUSE-SU-2024:0587-1
SUSE-SU-2024:1469-1
SUSE-SU-2024:3120-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1
SUSE-SU-2025:20056-1
SUSE-SU-2025:20107-1
USN-7474-1

Affected Products

Astra Linux
BuildKit
Linux Mint
SUSE
Ubuntu