Source: docker-buildx
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for docker-buildx.

CVE-2025-0495[0]:
| Buildx is a Docker CLI plugin that extends build capabilities using
| BuildKit. Cache backends support credentials by setting secrets
| directly as attribute values in cache-to/cache-from configuration.
| When supplied as user input, these secure values may be
| inadvertently captured in OpenTelemetry traces as part of the
| arguments and flags for the traced CLI command. OpenTelemetry traces
| are also saved in BuildKit daemon's history records. This
| vulnerability does not impact secrets passed to the Github cache
| backend via environment variables or registry authentication.

https://github.com/docker/buildx/security/advisories/GHSA-m4gq-fm9h-8q75

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-0495
    https://www.cve.org/CVERecord?id=CVE-2025-0495

Please adjust the affected versions in the BTS as needed.
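
The leak described in the CVE text happens where the CLI arguments are recorded, so that is where masking belongs. The following is an added example, not part of the original report and not the buildx fix: a Go helper that masks secret attributes in --cache-to/--cache-from values before argv is attached to a trace span or log line. The function names and the set of secret attribute names are assumptions.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Assumption: secret-bearing attribute names of the s3, azblob and gha cache backends.
var secretAttrs = map[string]bool{"access_key_id": true,
	"secret_access_key": true, "session_token": true, "token": true, "ghtoken": true}

// redactSpec masks secret values in one cache spec ("type=s3,bucket=b,...").
// The spec is parsed as CSV because a quoted field may itself contain commas.
func redactSpec(spec string) string {
	fields, err := csv.NewReader(strings.NewReader(spec)).Read()
	if err != nil {
		return "<redacted>" // unparsable input: fail closed
	}
	for i, f := range fields {
		if eq := strings.IndexByte(f, '='); eq > 0 &&
			secretAttrs[strings.ToLower(strings.TrimSpace(f[:eq]))] {
			fields[i] = f[:eq] + "=<redacted>"
		}
	}
	return strings.Join(fields, ",")
}

// RedactCacheArgs returns a masked copy of argv; it handles both "--cache-to=SPEC" and "--cache-to SPEC".
func RedactCacheArgs(argv []string) []string {
	out := append([]string(nil), argv...)
	for i := 0; i < len(out); i++ {
		for _, flag := range []string{"--cache-to", "--cache-from"} {
			if strings.HasPrefix(out[i], flag+"=") {
				out[i] = flag + "=" + redactSpec(out[i][len(flag)+1:])
			} else if out[i] == flag && i+1 < len(out) {
				out[i+1] = redactSpec(out[i+1])
				i++ // skip the value just handled
				break
			}
		}
	}
	return out
}

func main() { // constructed sample command line; the key value is fake
	fmt.Println(RedactCacheArgs([]string{"buildx", "build", "--cache-to",
		"type=s3,bucket=ci,secret_access_key=FAKEKEY", "."}))
}
```

Masking only limits what new traces record; credentials already captured in traces or BuildKit history records should be treated as exposed.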