Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Secrets leakage to telemetry endpoint via cache backend configuration via buildx
Vulnerability Description
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
buildx 安全漏洞
Vulnerability Description
buildx是Docker开源的一个 Docker CLI 插件,用于通过 BuildKit 扩展构建功能。 buildx存在安全漏洞,该漏洞源于缓存后端支持凭据时,安全值可能被无意中捕获到OpenTelemetry跟踪中。
CVSS Information
N/A
Vulnerability Type
N/A