What is CVE-2024-23650?

CVE-2024-23650 is a medium-severity vulnerability in Moby Buildkit, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 5.3/10. Published 2024-01-31.

How severe is CVE-2024-23650?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-23650 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Moby Buildkit

CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic…

EPSS: 0.001 (28.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Moby Buildkit — versions < 0.12.5

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

Public proof-of-concept exploits

References

https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx (x_refsource_CONFIRM)
https://github.com/moby/buildkit/pull/4601 (x_refsource_MISC)
https://github.com/moby/buildkit/releases/tag/v0.12.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-23650?: CVE-2024-23650 is a medium-severity vulnerability in Moby Buildkit, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 5.3/10. Published 2024-01-31.
How severe is CVE-2024-23650?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-23650 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.