Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/app-containers/docker@25.0.4
Typeebuild
Namespaceapp-containers
Namedocker
Version25.0.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3eju-5upk-auhy
vulnerability_id VCID-3eju-5upk-auhy
summary 
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
## Impact
A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.

## Patches
This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

## Workarounds
Ensure you only run trusted containers.

## Credits
The Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information
If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at  security@docker.com  if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08744
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08592
published_at 2026-04-18T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08605
published_at 2026-04-16T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08679
published_at 2026-04-02T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.0873
published_at 2026-04-12T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08753
published_at 2026-04-11T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08752
published_at 2026-04-09T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.08728
published_at 2026-04-08T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08651
published_at 2026-04-07T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08652
published_at 2026-04-01T12:55:00Z
10
value 0.00031
scoring_system epss
scoring_elements 0.08727
published_at 2026-04-04T12:55:00Z
11
value 0.00031
scoring_system epss
scoring_elements 0.08715
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
11
reference_url https://pkg.go.dev/vuln/GO-2024-2913
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2024-2913
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
reference_id 2008592
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
13
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
14
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
15
reference_url https://usn.ubuntu.com/5103-1/
reference_id USN-5103-1
reference_type
scores
url https://usn.ubuntu.com/5103-1/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2021-41089, GHSA-v994-f8vw-g7j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy
1
url VCID-5kkq-5jpf-fqev
vulnerability_id VCID-5kkq-5jpf-fqev
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41717.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41717.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41717
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56052
published_at 2026-04-21T12:55:00Z
1
value 0.00331
scoring_system epss
scoring_elements 0.56079
published_at 2026-04-18T12:55:00Z
2
value 0.00331
scoring_system epss
scoring_elements 0.56076
published_at 2026-04-16T12:55:00Z
3
value 0.00331
scoring_system epss
scoring_elements 0.56041
published_at 2026-04-13T12:55:00Z
4
value 0.00331
scoring_system epss
scoring_elements 0.56058
published_at 2026-04-12T12:55:00Z
5
value 0.00331
scoring_system epss
scoring_elements 0.56078
published_at 2026-04-11T12:55:00Z
6
value 0.00331
scoring_system epss
scoring_elements 0.56067
published_at 2026-04-09T12:55:00Z
7
value 0.00331
scoring_system epss
scoring_elements 0.56064
published_at 2026-04-08T12:55:00Z
8
value 0.00331
scoring_system epss
scoring_elements 0.56013
published_at 2026-04-07T12:55:00Z
9
value 0.00331
scoring_system epss
scoring_elements 0.56034
published_at 2026-04-04T12:55:00Z
10
value 0.00331
scoring_system epss
scoring_elements 0.56014
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41717
2
reference_url https://cs.opensource.google/go/x/net
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cs.opensource.google/go/x/net
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://go.dev/cl/455635
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/455635
6
reference_url https://go.dev/cl/455717
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/455717
7
reference_url https://go.dev/issue/56350
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/56350
8
reference_url https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41717
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41717
27
reference_url https://pkg.go.dev/vuln/GO-2022-1144
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-1144
28
reference_url https://security.gentoo.org/glsa/202311-09
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202311-09
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161274
reference_id 2161274
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161274
30
reference_url https://security.gentoo.org/glsa/202409-28
reference_id GLSA-202409-28
reference_type
scores
url https://security.gentoo.org/glsa/202409-28
31
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
32
reference_url https://access.redhat.com/errata/RHSA-2023:0328
reference_id RHSA-2023:0328
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0328
33
reference_url https://access.redhat.com/errata/RHSA-2023:0446
reference_id RHSA-2023:0446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0446
34
reference_url https://access.redhat.com/errata/RHSA-2023:0584
reference_id RHSA-2023:0584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0584
35
reference_url https://access.redhat.com/errata/RHSA-2023:0632
reference_id RHSA-2023:0632
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0632
36
reference_url https://access.redhat.com/errata/RHSA-2023:0692
reference_id RHSA-2023:0692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0692
37
reference_url https://access.redhat.com/errata/RHSA-2023:0693
reference_id RHSA-2023:0693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0693
38
reference_url https://access.redhat.com/errata/RHSA-2023:0728
reference_id RHSA-2023:0728
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0728
39
reference_url https://access.redhat.com/errata/RHSA-2023:0769
reference_id RHSA-2023:0769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0769
40
reference_url https://access.redhat.com/errata/RHSA-2023:0774
reference_id RHSA-2023:0774
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0774
41
reference_url https://access.redhat.com/errata/RHSA-2023:0899
reference_id RHSA-2023:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0899
42
reference_url https://access.redhat.com/errata/RHSA-2023:0918
reference_id RHSA-2023:0918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0918
43
reference_url https://access.redhat.com/errata/RHSA-2023:0930
reference_id RHSA-2023:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0930
44
reference_url https://access.redhat.com/errata/RHSA-2023:0931
reference_id RHSA-2023:0931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0931
45
reference_url https://access.redhat.com/errata/RHSA-2023:0932
reference_id RHSA-2023:0932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0932
46
reference_url https://access.redhat.com/errata/RHSA-2023:0934
reference_id RHSA-2023:0934
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0934
47
reference_url https://access.redhat.com/errata/RHSA-2023:1030
reference_id RHSA-2023:1030
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1030
48
reference_url https://access.redhat.com/errata/RHSA-2023:1079
reference_id RHSA-2023:1079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1079
49
reference_url https://access.redhat.com/errata/RHSA-2023:1154
reference_id RHSA-2023:1154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1154
50
reference_url https://access.redhat.com/errata/RHSA-2023:1174
reference_id RHSA-2023:1174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1174
51
reference_url https://access.redhat.com/errata/RHSA-2023:1179
reference_id RHSA-2023:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1179
52
reference_url https://access.redhat.com/errata/RHSA-2023:1181
reference_id RHSA-2023:1181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1181
53
reference_url https://access.redhat.com/errata/RHSA-2023:1268
reference_id RHSA-2023:1268
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1268
54
reference_url https://access.redhat.com/errata/RHSA-2023:1275
reference_id RHSA-2023:1275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1275
55
reference_url https://access.redhat.com/errata/RHSA-2023:1276
reference_id RHSA-2023:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1276
56
reference_url https://access.redhat.com/errata/RHSA-2023:1310
reference_id RHSA-2023:1310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1310
57
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
58
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
59
reference_url https://access.redhat.com/errata/RHSA-2023:1327
reference_id RHSA-2023:1327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1327
60
reference_url https://access.redhat.com/errata/RHSA-2023:1328
reference_id RHSA-2023:1328
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1328
61
reference_url https://access.redhat.com/errata/RHSA-2023:1329
reference_id RHSA-2023:1329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1329
62
reference_url https://access.redhat.com/errata/RHSA-2023:1372
reference_id RHSA-2023:1372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1372
63
reference_url https://access.redhat.com/errata/RHSA-2023:1448
reference_id RHSA-2023:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1448
64
reference_url https://access.redhat.com/errata/RHSA-2023:1529
reference_id RHSA-2023:1529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1529
65
reference_url https://access.redhat.com/errata/RHSA-2023:1816
reference_id RHSA-2023:1816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1816
66
reference_url https://access.redhat.com/errata/RHSA-2023:1817
reference_id RHSA-2023:1817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1817
67
reference_url https://access.redhat.com/errata/RHSA-2023:2204
reference_id RHSA-2023:2204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2204
68
reference_url https://access.redhat.com/errata/RHSA-2023:2222
reference_id RHSA-2023:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2222
69
reference_url https://access.redhat.com/errata/RHSA-2023:2236
reference_id RHSA-2023:2236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2236
70
reference_url https://access.redhat.com/errata/RHSA-2023:2253
reference_id RHSA-2023:2253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2253
71
reference_url https://access.redhat.com/errata/RHSA-2023:2282
reference_id RHSA-2023:2282
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2282
72
reference_url https://access.redhat.com/errata/RHSA-2023:2283
reference_id RHSA-2023:2283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2283
73
reference_url https://access.redhat.com/errata/RHSA-2023:2357
reference_id RHSA-2023:2357
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2357
74
reference_url https://access.redhat.com/errata/RHSA-2023:2367
reference_id RHSA-2023:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2367
75
reference_url https://access.redhat.com/errata/RHSA-2023:2758
reference_id RHSA-2023:2758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2758
76
reference_url https://access.redhat.com/errata/RHSA-2023:2780
reference_id RHSA-2023:2780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2780
77
reference_url https://access.redhat.com/errata/RHSA-2023:2802
reference_id RHSA-2023:2802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2802
78
reference_url https://access.redhat.com/errata/RHSA-2023:2866
reference_id RHSA-2023:2866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2866
79
reference_url https://access.redhat.com/errata/RHSA-2023:3204
reference_id RHSA-2023:3204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3204
80
reference_url https://access.redhat.com/errata/RHSA-2023:3205
reference_id RHSA-2023:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3205
81
reference_url https://access.redhat.com/errata/RHSA-2023:3612
reference_id RHSA-2023:3612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3612
82
reference_url https://access.redhat.com/errata/RHSA-2023:3742
reference_id RHSA-2023:3742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3742
83
reference_url https://access.redhat.com/errata/RHSA-2023:3910
reference_id RHSA-2023:3910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3910
84
reference_url https://access.redhat.com/errata/RHSA-2023:3914
reference_id RHSA-2023:3914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3914
85
reference_url https://access.redhat.com/errata/RHSA-2023:4090
reference_id RHSA-2023:4090
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4090
86
reference_url https://access.redhat.com/errata/RHSA-2023:4091
reference_id RHSA-2023:4091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4091
87
reference_url https://access.redhat.com/errata/RHSA-2023:4470
reference_id RHSA-2023:4470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4470
88
reference_url https://access.redhat.com/errata/RHSA-2023:5982
reference_id RHSA-2023:5982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5982
89
reference_url https://access.redhat.com/errata/RHSA-2023:6420
reference_id RHSA-2023:6420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6420
90
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
91
reference_url https://access.redhat.com/errata/RHSA-2024:0746
reference_id RHSA-2024:0746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0746
92
reference_url https://usn.ubuntu.com/6038-1/
reference_id USN-6038-1
reference_type
scores
url https://usn.ubuntu.com/6038-1/
93
reference_url https://usn.ubuntu.com/6038-2/
reference_id USN-6038-2
reference_type
scores
url https://usn.ubuntu.com/6038-2/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2022-41717, GHSA-xrjj-mj9h-534m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kkq-5jpf-fqev
2
url VCID-9j8p-hqfn-q7bj
vulnerability_id VCID-9j8p-hqfn-q7bj
summary 
BuildKit vulnerable to possible host system access from mount stub cleaner
### Impact
A malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing `RUN --mount` feature.

### References
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23652
reference_id
reference_type
scores
0
value 0.05701
scoring_system epss
scoring_elements 0.90428
published_at 2026-04-21T12:55:00Z
1
value 0.05701
scoring_system epss
scoring_elements 0.9043
published_at 2026-04-18T12:55:00Z
2
value 0.05701
scoring_system epss
scoring_elements 0.90422
published_at 2026-04-12T12:55:00Z
3
value 0.05701
scoring_system epss
scoring_elements 0.90423
published_at 2026-04-11T12:55:00Z
4
value 0.05701
scoring_system epss
scoring_elements 0.90415
published_at 2026-04-13T12:55:00Z
5
value 0.05701
scoring_system epss
scoring_elements 0.90408
published_at 2026-04-08T12:55:00Z
6
value 0.05701
scoring_system epss
scoring_elements 0.90394
published_at 2026-04-07T12:55:00Z
7
value 0.05701
scoring_system epss
scoring_elements 0.9039
published_at 2026-04-04T12:55:00Z
8
value 0.05701
scoring_system epss
scoring_elements 0.90378
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23652
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/pull/4603
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/pull/4603
5
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
6
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23652
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23652
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262225
reference_id 2262225
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262225
9
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
10
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
11
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
12
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2024-23652, GHSA-4v98-7qmw-rqr8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj
3
url VCID-avqu-wswg-c3ga
vulnerability_id VCID-avqu-wswg-c3ga
summary 
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.  This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

Thanks to Steven Murdoch for reporting this issue.

----

### Impact

If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. 

### Patches

 This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available.

### Workarounds

This problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

### References

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

### For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at [security@docker.com](mailto:security@docker.com)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36109
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12421
published_at 2026-04-21T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.1231
published_at 2026-04-18T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12309
published_at 2026-04-16T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12409
published_at 2026-04-13T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12449
published_at 2026-04-12T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12487
published_at 2026-04-11T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12514
published_at 2026-04-09T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12576
published_at 2026-04-04T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12533
published_at 2026-04-02T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12464
published_at 2026-04-08T12:55:00Z
10
value 0.00041
scoring_system epss
scoring_elements 0.12384
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36109
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
6
reference_url https://github.com/moby/moby/releases/tag/v20.10.18
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://github.com/moby/moby/releases/tag/v20.10.18
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36109
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36109
13
reference_url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/
url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601
reference_id 1019601
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2127290
reference_id 2127290
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2127290
16
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2022-36109, GHSA-rc4r-wh2q-q6c4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avqu-wswg-c3ga
4
url VCID-ba18-6srf-ufbu
vulnerability_id VCID-ba18-6srf-ufbu
summary 
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
### Impact
Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.

### References
https://www.openwall.com/lists/oss-security/2019/05/28/1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23651
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.67923
published_at 2026-04-21T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.67942
published_at 2026-04-18T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.67929
published_at 2026-04-16T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.67853
published_at 2026-04-07T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.67927
published_at 2026-04-12T12:55:00Z
5
value 0.00548
scoring_system epss
scoring_elements 0.67941
published_at 2026-04-11T12:55:00Z
6
value 0.00548
scoring_system epss
scoring_elements 0.67917
published_at 2026-04-09T12:55:00Z
7
value 0.00548
scoring_system epss
scoring_elements 0.67903
published_at 2026-04-08T12:55:00Z
8
value 0.00548
scoring_system epss
scoring_elements 0.67872
published_at 2026-04-04T12:55:00Z
9
value 0.00548
scoring_system epss
scoring_elements 0.67891
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23651
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/pull/4604
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/pull/4604
5
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
6
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23651
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23651
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262224
reference_id 2262224
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262224
9
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
10
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
11
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
12
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2024-23651, GHSA-m3r6-h7wv-7xxv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu
5
url VCID-bzeb-kj67-vfds
vulnerability_id VCID-bzeb-kj67-vfds
summary 
Docker Swarm encrypted overlay network may be unauthenticated
[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.

Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.

The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.

Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.

When setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.

[Two iptables rules](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L230-L234) serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the `INPUT` filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded.

On Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:
* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)
* [officially deprecated in RHEL 8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)
* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)

These rules are not created when `xt_u32` is unavailable, even though the container is still attached to the network.

## Impact
Encrypted overlay networks on affected configurations silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.

The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network.

## Patches
Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.

## Workarounds
* Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) to prevent all VXLAN packet injection.
* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.

## Background
* [#43382](https://github.com/moby/moby/issues/43382) partially discussed this concern, but did not consider the security implications.
* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.
* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.

## Related
* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)
* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)
* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)
* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28840
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63771
published_at 2026-04-04T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63746
published_at 2026-04-02T12:55:00Z
2
value 0.00481
scoring_system epss
scoring_elements 0.65134
published_at 2026-04-16T12:55:00Z
3
value 0.00481
scoring_system epss
scoring_elements 0.65098
published_at 2026-04-13T12:55:00Z
4
value 0.00481
scoring_system epss
scoring_elements 0.65126
published_at 2026-04-12T12:55:00Z
5
value 0.00481
scoring_system epss
scoring_elements 0.65117
published_at 2026-04-09T12:55:00Z
6
value 0.00481
scoring_system epss
scoring_elements 0.65103
published_at 2026-04-08T12:55:00Z
7
value 0.00481
scoring_system epss
scoring_elements 0.65054
published_at 2026-04-07T12:55:00Z
8
value 0.00481
scoring_system epss
scoring_elements 0.65136
published_at 2026-04-11T12:55:00Z
9
value 0.00481
scoring_system epss
scoring_elements 0.65127
published_at 2026-04-21T12:55:00Z
10
value 0.00481
scoring_system epss
scoring_elements 0.65143
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28840
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/issues/43382
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/issues/43382
7
reference_url https://github.com/moby/moby/pull/45118
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/pull/45118
8
reference_url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
9
reference_url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
10
reference_url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28840
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28840
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2184683
reference_id 2184683
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2184683
14
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
16
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2023-28840, GHSA-232p-vwff-86mp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzeb-kj67-vfds
6
url VCID-dmsf-7cxm-xff5
vulnerability_id VCID-dmsf-7cxm-xff5
summary 
Buildkit's interactive containers API does not validate entitlements check
### Impact
In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.

### Patches
The issue has been fixed in v0.12.5 .

### Workarounds
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.

### References
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23653
reference_id
reference_type
scores
0
value 0.10301
scoring_system epss
scoring_elements 0.93197
published_at 2026-04-18T12:55:00Z
1
value 0.10301
scoring_system epss
scoring_elements 0.93192
published_at 2026-04-16T12:55:00Z
2
value 0.10301
scoring_system epss
scoring_elements 0.93175
published_at 2026-04-12T12:55:00Z
3
value 0.10301
scoring_system epss
scoring_elements 0.93176
published_at 2026-04-13T12:55:00Z
4
value 0.10301
scoring_system epss
scoring_elements 0.93156
published_at 2026-04-02T12:55:00Z
5
value 0.10301
scoring_system epss
scoring_elements 0.9316
published_at 2026-04-04T12:55:00Z
6
value 0.10301
scoring_system epss
scoring_elements 0.93158
published_at 2026-04-07T12:55:00Z
7
value 0.10301
scoring_system epss
scoring_elements 0.93167
published_at 2026-04-08T12:55:00Z
8
value 0.10301
scoring_system epss
scoring_elements 0.93171
published_at 2026-04-09T12:55:00Z
9
value 0.10301
scoring_system epss
scoring_elements 0.93177
published_at 2026-04-11T12:55:00Z
10
value 0.1055
scoring_system epss
scoring_elements 0.93296
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23653
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e
5
reference_url https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e
6
reference_url https://github.com/moby/buildkit/pull/4602
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/pull/4602
7
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
8
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23653
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23653
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262226
reference_id 2262226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262226
11
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
12
reference_url https://security.gentoo.org/glsa/202407-25
reference_id GLSA-202407-25
reference_type
scores
url https://security.gentoo.org/glsa/202407-25
13
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2024-23653, GHSA-wr6v-9f75-vh2g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5
7
url VCID-e82r-vc77-f7bz
vulnerability_id VCID-e82r-vc77-f7bz
summary 
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.

Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.

The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.

Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.

When setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.

The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.

## Impact
Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw) should be referenced for a deeper exploration.

## Patches
Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.

## Workarounds
* In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For example, use the `registry.k8s.io/pause` image and a `--mode global` service.
* For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features.
The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network.
* If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. For example, `iptables -A INPUT -m udp —-dport 4789 -m policy --dir in --pol none -j DROP`.

## Background
* This issue was discovered while characterizing and mitigating [CVE-2023-28840](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp) and [CVE-2023-28841](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237).

## Related
* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)
* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)
* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)
* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28842
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69398
published_at 2026-04-02T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.69414
published_at 2026-04-04T12:55:00Z
2
value 0.00636
scoring_system epss
scoring_elements 0.705
published_at 2026-04-16T12:55:00Z
3
value 0.00636
scoring_system epss
scoring_elements 0.70458
published_at 2026-04-13T12:55:00Z
4
value 0.00636
scoring_system epss
scoring_elements 0.70472
published_at 2026-04-12T12:55:00Z
5
value 0.00636
scoring_system epss
scoring_elements 0.70463
published_at 2026-04-09T12:55:00Z
6
value 0.00636
scoring_system epss
scoring_elements 0.70447
published_at 2026-04-08T12:55:00Z
7
value 0.00636
scoring_system epss
scoring_elements 0.70402
published_at 2026-04-07T12:55:00Z
8
value 0.00636
scoring_system epss
scoring_elements 0.70487
published_at 2026-04-11T12:55:00Z
9
value 0.00636
scoring_system epss
scoring_elements 0.70488
published_at 2026-04-21T12:55:00Z
10
value 0.00636
scoring_system epss
scoring_elements 0.70508
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28842
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
8
reference_url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
9
reference_url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28842
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28842
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2184688
reference_id 2184688
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2184688
12
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
14
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2023-28842, GHSA-6wrf-mxfj-pf5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e82r-vc77-f7bz
8
url VCID-e9ng-x516-53cf
vulnerability_id VCID-e9ng-x516-53cf
summary 
Moby (Docker Engine) Insufficiently restricted permissions on data directory
## Impact

A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

## Patches

This bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.

## Workarounds

Limit access to the host to trusted users.  Limit access to host volumes to trusted containers.

## Credits

The Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
reference_id
reference_type
scores
0
value 0.04746
scoring_system epss
scoring_elements 0.89438
published_at 2026-04-21T12:55:00Z
1
value 0.04746
scoring_system epss
scoring_elements 0.8943
published_at 2026-04-11T12:55:00Z
2
value 0.04746
scoring_system epss
scoring_elements 0.89429
published_at 2026-04-12T12:55:00Z
3
value 0.04746
scoring_system epss
scoring_elements 0.89424
published_at 2026-04-13T12:55:00Z
4
value 0.04746
scoring_system epss
scoring_elements 0.8944
published_at 2026-04-16T12:55:00Z
5
value 0.04746
scoring_system epss
scoring_elements 0.89441
published_at 2026-04-18T12:55:00Z
6
value 0.0558
scoring_system epss
scoring_elements 0.90259
published_at 2026-04-02T12:55:00Z
7
value 0.0558
scoring_system epss
scoring_elements 0.90298
published_at 2026-04-09T12:55:00Z
8
value 0.0558
scoring_system epss
scoring_elements 0.90291
published_at 2026-04-08T12:55:00Z
9
value 0.0558
scoring_system epss
scoring_elements 0.90276
published_at 2026-04-07T12:55:00Z
10
value 0.0558
scoring_system epss
scoring_elements 0.90256
published_at 2026-04-01T12:55:00Z
11
value 0.0558
scoring_system epss
scoring_elements 0.90272
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
reference_id 2023448
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
12
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
13
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2021-41091, GHSA-3fwx-pjgw-3558
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf
9
url VCID-f5eu-ram7-v3fr
vulnerability_id VCID-f5eu-ram7-v3fr
summary 
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
### Impact
A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command. 

### References
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23650
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29231
published_at 2026-04-21T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29301
published_at 2026-04-16T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29275
published_at 2026-04-18T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29328
published_at 2026-04-12T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29375
published_at 2026-04-11T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29331
published_at 2026-04-08T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29266
published_at 2026-04-07T12:55:00Z
7
value 0.0011
scoring_system epss
scoring_elements 0.29454
published_at 2026-04-04T12:55:00Z
8
value 0.0011
scoring_system epss
scoring_elements 0.29405
published_at 2026-04-02T12:55:00Z
9
value 0.0011
scoring_system epss
scoring_elements 0.29371
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23650
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
4
reference_url https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987
5
reference_url https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c
6
reference_url https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee
7
reference_url https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae
8
reference_url https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330
9
reference_url https://github.com/moby/buildkit/pull/4601
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/
url https://github.com/moby/buildkit/pull/4601
10
reference_url https://github.com/moby/buildkit/releases/tag/v0.12.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/
url https://github.com/moby/buildkit/releases/tag/v0.12.5
11
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23650
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23650
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262272
reference_id 2262272
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262272
14
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
15
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2024-23650, GHSA-9p26-698r-w4hx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5eu-ram7-v3fr
10
url VCID-hxze-9pjx-kqc8
vulnerability_id VCID-hxze-9pjx-kqc8
summary 
Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation.

Git URL can be passed in two ways:

1) Invoking build directly from a URL with credentials.

```
buildctl build --frontend dockerfile.v0 --context https://<credentials>@url/repo.git
```

Equivalent in `docker buildx` would be

```
docker buildx build https://<credentials>@url/repo.git
```

2) If the client sends additional VCS info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. 

Thanks to Oscar Alberto Tovar for discovering the issue.

### Impact
When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation.

Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable.

In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable.

Note: [Docker Build-push Github action](https://github.com/docker/build-push-action) builds from Git URLs by default but **is not** affected by this issue even when working with private repositories because the credentials are passed [with build secrets](https://github.com/docker/build-push-action/blob/v4.0.0/src/context.ts#L203) and not with URLs.

### Patches
Bug is fixed in v0.11.4 . 

### Workarounds
It is recommended to pass credentials with build secrets when building directly from Git URL as a more secure alternative than modifying the URL.

In Docker Buildx, VCS info hint can be disabled by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`.


### References
- Inline credentials in URLs deprecated in RFC3986 https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26054.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26054.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26054
reference_id
reference_type
scores
0
value 0.01033
scoring_system epss
scoring_elements 0.7739
published_at 2026-04-21T12:55:00Z
1
value 0.01033
scoring_system epss
scoring_elements 0.77308
published_at 2026-04-02T12:55:00Z
2
value 0.01033
scoring_system epss
scoring_elements 0.77337
published_at 2026-04-04T12:55:00Z
3
value 0.01033
scoring_system epss
scoring_elements 0.77317
published_at 2026-04-07T12:55:00Z
4
value 0.01033
scoring_system epss
scoring_elements 0.77347
published_at 2026-04-08T12:55:00Z
5
value 0.01033
scoring_system epss
scoring_elements 0.77356
published_at 2026-04-09T12:55:00Z
6
value 0.01033
scoring_system epss
scoring_elements 0.77383
published_at 2026-04-11T12:55:00Z
7
value 0.01033
scoring_system epss
scoring_elements 0.77363
published_at 2026-04-12T12:55:00Z
8
value 0.01033
scoring_system epss
scoring_elements 0.7736
published_at 2026-04-13T12:55:00Z
9
value 0.01033
scoring_system epss
scoring_elements 0.77399
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26054
2
reference_url https://github.com/moby/buildkit
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/buildkit
3
reference_url https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/
url https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
4
reference_url https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/
url https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26054
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26054
9
reference_url https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176447
reference_id 2176447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176447
11
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
13
reference_url https://access.redhat.com/errata/RHSA-2023:3537
reference_id RHSA-2023:3537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3537
14
reference_url https://access.redhat.com/errata/RHSA-2023:5952
reference_id RHSA-2023:5952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5952
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2023-26054, GHSA-gc89-7gcr-jxqc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxze-9pjx-kqc8
11
url VCID-njcw-wc13-dqcz
vulnerability_id VCID-njcw-wc13-dqcz
summary 
Classic builder cache poisoning
The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.
Also, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.


An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.

For example, an attacker could create an image that is considered as a valid cache candidate for:
```
FROM scratch
MAINTAINER Pawel
```

when in fact the malicious image used as a cache would be an image built from a different Dockerfile.

In the second case, the attacker could for example substitute a different `HEALTCHECK` command.


### Impact

23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).

All users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.

Image build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` is also affected as it the uses classic builder by default. 


### Patches

Patches are included in Moby releases:

- v25.0.2
- v24.0.9
- v23.0.10

### Workarounds

- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it's default on 23.0+ assuming that the buildx plugin is installed).
- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24557
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24292
published_at 2026-04-21T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24317
published_at 2026-04-18T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24328
published_at 2026-04-16T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.2431
published_at 2026-04-13T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24367
published_at 2026-04-12T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24409
published_at 2026-04-11T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24392
published_at 2026-04-09T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24348
published_at 2026-04-08T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24281
published_at 2026-04-07T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.24498
published_at 2026-04-04T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24464
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24557
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/
url https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
6
reference_url https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd
7
reference_url https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff
8
reference_url https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/
url https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24557
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24557
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745
reference_id 1071745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262352
reference_id 2262352
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262352
12
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
13
reference_url https://access.redhat.com/errata/RHSA-2025:11749
reference_id RHSA-2025:11749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11749
14
reference_url https://access.redhat.com/errata/RHSA-2025:9340
reference_id RHSA-2025:9340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9340
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2024-24557, GHSA-xw73-rw38-6vjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njcw-wc13-dqcz
12
url VCID-quyf-eq2s-dbda
vulnerability_id VCID-quyf-eq2s-dbda
summary 
Docker Swarm encrypted overlay network traffic may be unencrypted
[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.

Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.

The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.

Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.

When setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.

An [iptables rule](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207) designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation.

On Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:
* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)
* [officially deprecated in RHEL 8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)
* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)

This rule is not created when `xt_u32` is unavailable, even though the container is still attached to the network.

## Impact
Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees.

It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may rely on Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability is no longer guaranteed.

## Patches
Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.

## Workarounds
* Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) in order to prevent unintentionally leaking unencrypted traffic over the Internet.
* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.

## Background
* [#43382 ](https://github.com/moby/moby/issues/43382)partially discussed this concern, but did not consider the security implications.
* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.
* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.

## Related
* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)
* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)
* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)
* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28841
reference_id
reference_type
scores
0
value 0.02956
scoring_system epss
scoring_elements 0.86417
published_at 2026-04-02T12:55:00Z
1
value 0.02956
scoring_system epss
scoring_elements 0.86435
published_at 2026-04-04T12:55:00Z
2
value 0.03129
scoring_system epss
scoring_elements 0.86871
published_at 2026-04-16T12:55:00Z
3
value 0.03129
scoring_system epss
scoring_elements 0.86854
published_at 2026-04-13T12:55:00Z
4
value 0.03129
scoring_system epss
scoring_elements 0.86859
published_at 2026-04-12T12:55:00Z
5
value 0.03129
scoring_system epss
scoring_elements 0.86863
published_at 2026-04-11T12:55:00Z
6
value 0.03129
scoring_system epss
scoring_elements 0.8685
published_at 2026-04-09T12:55:00Z
7
value 0.03129
scoring_system epss
scoring_elements 0.86841
published_at 2026-04-08T12:55:00Z
8
value 0.03129
scoring_system epss
scoring_elements 0.86821
published_at 2026-04-07T12:55:00Z
9
value 0.03129
scoring_system epss
scoring_elements 0.86877
published_at 2026-04-21T12:55:00Z
10
value 0.03129
scoring_system epss
scoring_elements 0.86876
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28841
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207
5
reference_url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
6
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
7
reference_url https://github.com/moby/moby/issues/43382
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/issues/43382
8
reference_url https://github.com/moby/moby/pull/45118
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/pull/45118
9
reference_url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
10
reference_url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
12
reference_url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28841
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28841
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2184685
reference_id 2184685
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2184685
15
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
17
reference_url https://usn.ubuntu.com/7474-1/
reference_id USN-7474-1
reference_type
scores
url https://usn.ubuntu.com/7474-1/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:ebuild/app-containers/docker@25.0.4
purl pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4
aliases CVE-2023-28841, GHSA-33pg-m6jh-5237
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quyf-eq2s-dbda
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4