vulnerability
SUSE: CVE-2025-0495: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Mar 17, 2025 | Apr 21, 2025 | Apr 23, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Mar 17, 2025
Added
Apr 21, 2025
Modified
Apr 23, 2025
Description
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.
Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records.
This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.
Solution(s)
suse-upgrade-dockersuse-upgrade-docker-bash-completionsuse-upgrade-docker-stablesuse-upgrade-docker-stable-bash-completion
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.