VDB
RHSA-2025%3A9340
RHSA-2025%3A9340
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps. This only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.
Risk Scores
CVSS 3.1
6.900000095367432
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 |
| Red Hat | rhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64 |
| Red Hat | rhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x |
| Red Hat | rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le |
| Red Hat | rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64 |
| Red Hat | rhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x as a component of Red Hat Ceph Storage 7.1 Tools | * |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x |
| Red Hat | rhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
| Red Hat | rhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | *, * |
…and 17 more
Timeline
- Jun 23, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:9340 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2262352 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2279451 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9340.json advisory
- https://access.redhat.com/security/cve/CVE-2024-24557 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24557 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24557 advisory
- https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc advisory
- https://access.redhat.com/security/cve/CVE-2024-34069 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-34069 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-34069 advisory
- https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692 advisory
- https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
…and 2 more