How severe is CVE-2024-23653?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-23653?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-23653 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources.

Related Vulnerabilities

CVE-2001-1155

CRITICAL

CVSS:9.8(Critical)

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass i...

CWE-8632001

CVE-2008-7109

CRITICAL

CVSS:9.8(Critical)

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does no...

CWE-8632008

CVE-2010-1435

CRITICAL

CVSS:9.8(Critical)

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the dat...

CWE-8632010

CVE-2012-6094

CRITICAL

CVSS:9.8(Critical)

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

CWE-8632012

CVE-2013-2198

CRITICAL

CVSS:9.8(Critical)

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

CWE-8632013

CVE-2016-20001

CRITICAL

CVSS:9.8(Critical)

The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

CWE-8632016