{"uuid": "036d1128-a84f-4fa5-9115-5999701a4f8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-0495", "type": "seen", "source": "https://t.me/cvedetector/20530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-0495 - Buildx OpenTelemetry Cache Secrets Exfiltration\", \n  \"Content\": \"CVE ID : CVE-2025-0495 \nPublished : March 17, 2025, 8:15 p.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.  \n  \nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon's history records.  \n  \n  \nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T23:20:11.000000Z"}