{"id":"GO-2024-2497","summary":"Privilege escalation in github.com/moby/buildkit","details":"BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.","aliases":["CVE-2024-23653","GHSA-wr6v-9f75-vh2g"],"modified":"2026-02-04T03:48:49.374178Z","published":"2024-02-07T04:19:28Z","related":["CGA-c52m-5j7q-7jxp"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2497"},"references":[{"type":"FIX","url":"https://github.com/moby/buildkit/pull/4602"},{"type":"FIX","url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e"},{"type":"FIX","url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e"},{"type":"WEB","url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"}],"affected":[{"package":{"name":"github.com/moby/buildkit","ecosystem":"Go","purl":"pkg:golang/github.com/moby/buildkit"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.12.5"}]}],"ecosystem_specific":{"imports":[{"symbols":["Solver.Solve","ValidateEntitlements","llbBridge.Exec","llbBridge.Run","provenanceBridge.Solve"],"path":"github.com/moby/buildkit/solver/llbsolver"},{"symbols":["BridgeClient.NewContainer","GatewayForwarder.Solve","LLBBridgeToGatewayClient"],"path":"github.com/moby/buildkit/frontend/gateway/forwarder"},{"symbols":["newController"],"path":"github.com/moby/buildkit/cmd/buildkitd"},{"symbols":["NewContainer"],"path":"github.com/moby/buildkit/frontend/gateway/container"},{"symbols":["NewBridgeForwarder","gatewayFrontend.Solve","llbBridgeForwarder.NewContainer","newBridgeForwarder","serveLLBBridgeForwarder"],"path":"github.com/moby/buildkit/frontend/gateway"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2497.json"}}],"schema_version":"1.7.3","credits":[{"name":"@rmcnamara-snyk"}]}