BuildKit interactive containers API does not validate entitlements check
CVE-2024-23653
9.8CRITICAL
What is CVE-2024-23653?
A privilege escalation vulnerability exists in BuildKit, a toolkit designed for converting source code into build artifacts effectively and predictably. The issue stems from the functionality that allows running interactive containers based on built images. It is possible for an attacker to exploit this feature to run containers with elevated privileges, provided specific conditions related to the security.insecure entitlement are met. Typically, this entitlement requires deliberate enabling through the buildkitd configuration and user consent. Users are advised to avoid utilizing BuildKit frontends from untrusted sources and to upgrade to version 0.12.5 or later to mitigate this risk.
Affected Version(s)
buildkit < 0.12.5
