Opencontainers runc Incorrect Authorization vulnerability
High severity
GitHub Reviewed
Published Mar 3, 2023 to the GitHub Advisory Database
Updated Dec 6, 2024
Package
Affected versions: >= 1.0.0-rc95, < 1.1.5
Patched versions: 1.1.5
Published by the National Vulnerability Database: Mar 3, 2023
Published to the GitHub Advisory Database: Mar 3, 2023
Reviewed: Mar 3, 2023
Last updated: Dec 6, 2024
Description
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.