github.com/moby/buildkit is vulnerable to information disclosure. The os.OpenFile call in util/binfmt_misc/check.go uses an unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call, resulting in the creation of an unnecessary file that can contain confidential information.
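The pattern described above, as an added Go example that is not buildkit's own code and not its upstream fix: an empty first argument makes the temp-directory call fall back to the shared system temp directory, while a caller-supplied private base plus explicit cleanup leaves nothing behind. The names `writeCheckBinary`, `leftovers` and `private-root` are hypothetical, and the payload is constructed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeCheckBinary makes a "qemu-check*" dir under base, writes payload to a file
// in it, and returns the path and a cleanup func. base == "" is the advisory's
// pattern: os.MkdirTemp (like ioutil.TempDir) falls back to the shared os.TempDir().
func writeCheckBinary(base string, payload []byte) (string, func() error, error) {
	dir, err := os.MkdirTemp(base, "qemu-check")
	if err != nil {
		return "", nil, err
	}
	cleanup := func() error { return os.RemoveAll(dir) }
	p := filepath.Join(dir, "check")
	// O_EXCL refuses a pre-existing path; 0700 keeps the file owner-only.
	f, err := os.OpenFile(p, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o700)
	if err == nil {
		_, err = f.Write(payload)
		if cerr := f.Close(); err == nil {
			err = cerr
		}
	}
	if err != nil {
		cleanup() // never leave a partial file behind
		return "", nil, err
	}
	return p, cleanup, nil
}

// leftovers lists qemu-check* directories still present under base (audit helper).
func leftovers(base string) ([]string, error) {
	return filepath.Glob(filepath.Join(base, "qemu-check*"))
}

func main() {
	private, _ := os.MkdirTemp("", "private-root") // constructed stand-in for a daemon-owned dir
	defer os.RemoveAll(private)
	p, cleanup, err := writeCheckBinary(private, []byte("constructed payload"))
	if err != nil {
		panic(err)
	}
	before, _ := leftovers(private)
	cleanup()
	after, _ := leftovers(private)
	fmt.Println(p, len(before), len(after))
}
```

Running `leftovers(os.TempDir())` on a build host shows whether any qemu-check directories were left in the shared temp location.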
CPE | Name | Operator | Version |
---|---|---|---|
github.com/moby/buildkit | le | v0.7.2 | |
github.com/moby/moby | le | v19.03.8 | |