{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0495", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2025-01-15T15:26:40.672Z", "datePublished": "2025-03-17T19:21:11.295Z", "dateUpdated": "2025-03-18T16:25:42.668Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "buildx", "product": "buildx", "repo": "https://github.com/docker/buildx", "vendor": "docker", "versions": [{"lessThanOrEqual": "0.21.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.</p><p>Cache backends support credentials by setting secrets directly as attribute values in <code>cache-to/cache-from</code>&nbsp;configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.&nbsp;OpenTelemetry traces are also saved in BuildKit daemon's history records.<br></p><p><span style=\"background-color: rgb(255, 255, 255);\">This vulnerability does not impact secrets passed to the Github cache backend&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">via environment variables or registry authentication</span>.</span><br></p><br>"}], "value": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon's history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2025-03-17T19:21:11.295Z"}, "references": [{"url": "https://github.com/docker/buildx"}], "source": {"discovery": "UNKNOWN"}, "title": "Secrets leakage to telemetry endpoint via cache backend configuration via buildx", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T16:25:23.455442Z", "id": "CVE-2025-0495", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T16:25:42.668Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0495", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-18T16:25:23.455442Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T16:25:37.470Z"}}], "cna": {"title": "Secrets leakage to telemetry endpoint via cache backend configuration via buildx", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/docker/buildx", "vendor": "docker", "product": "buildx", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.21.2"}], "packageName": "buildx", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/docker/buildx"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon's history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication.", "supportingMedia": [{"type": "text/html", "value": "<p>Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.</p><p>Cache backends support credentials by setting secrets directly as attribute values in <code>cache-to/cache-from</code>&nbsp;configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.&nbsp;OpenTelemetry traces are also saved in BuildKit daemon's history records.<br></p><p><span style=\"background-color: rgb(255, 255, 255);\">This vulnerability does not impact secrets passed to the Github cache backend&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">via environment variables or registry authentication</span>.</span><br></p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2025-03-17T19:21:11.295Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0495", "state": "PUBLISHED", "dateUpdated": "2025-03-18T16:25:42.668Z", "dateReserved": "2025-01-15T15:26:40.672Z", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "datePublished": "2025-03-17T19:21:11.295Z", "assignerShortName": "Docker"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon's history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication."}], "id": "CVE-2025-0495", "lastModified": "2025-03-17T20:15:13.737", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@docker.com", "type": "Secondary"}]}, "published": "2025-03-17T20:15:13.737", "references": [{"source": "security@docker.com", "url": "https://github.com/docker/buildx"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@docker.com", "type": "Secondary"}]}

{}