Four new vulnerabilities have been identified in containers that could allow a threat actor to escape the container and gain access to the host system.

These vulnerabilities have been named “Leaky Vessels” by researchers that could potentially enable a threat actor to access sensitive data on the host systems and launch further attacks.

The CVEs for these vulnerabilities have been assigned as follows

  • CVE-2024-21626 (runc process.cwd & leaked dfs container breakout – 8.6 (High))
  • CVE-2024-23651 (Buildkit Mount Cache Race – 8.7 (High) )
  • CVE-2024-23653 (Buildkit GRPC SecurityMode Privilege Check – 10.0 (Critical))
  • CVE-2024-23652 (Buildkit Build-time Container Teardown Arbitrary Delete – 9.8 (Critical))


Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Leaky Vessels


This vulnerability exists due to the order of operations defined in the WORKDIR directive of a Dockerfile, which is modified as a path traversal to access privileged directories /proc/self/fd/ that is passed through the chdir argument. 

Successful exploitation of this attack provides complete root access to the filesystem, thus enabling the attacker to control the host. The severity for this vulnerability has been given as 8.6 (High).


This vulnerability is due to a TOCTOU (time-of-check/time-of-use) race condition during the mounting of a cache volume at container build time. The race condition exists due to the validation of the source path that confirms if the source path inside the cache mount is a directory.

This vulnerability can be exploited by manipulating the cache volume source path from the mount and abusing the race condition, which could result in gaining full root host compromise. The severity for this vulnerability has been given as 8.7 (High).


This vulnerability occurs due to a missing privilege check on the GRPC endpoint. A custom input format of a Dockerfile can be specified using a # syntax= command, which defines the use of another Docker image for parsing the input. This docker image will have access to the GRPC server to enable the intermediate representation creation and submission.

However, the Container.Start endpoint allows the execution of build-time ephemeral containers which does not validate StartRequest.

The scurityMode argument can be abused by threat actors to elevate their privileges and achieve full host root command execution. The severity for this vulnerability has been given as 10.0 (Critical).


This vulnerability occurs when the Buildkit attempts to clean up temporary directories after usage. When a Dockerfile is run, some specific directories are targeted based on the configuration of the Dockerfile. If the directories don’t exist, they are created and then removed.

This particular functionality can be abused by changing the targeted directory to a symbolic link that will traverse this symbolic link and lead to deletion.

Successful exploitation of this vulnerability results in the deletion of any file on the file system. The severity for this vulnerability has been given as 9.8 (Critical).

These vulnerabilities have been published by Snyk, which provides detailed information about the exploit code, methodology, and mitigation.

Follow us on LinkedIn for the latest cybersecurity news, whitepapers, infographics, and more. Stay informed and up-to-date with the latest trends in cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *