Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-27561

Опубликовано: 03 мар. 2023
Источник: debian
EPSS Низкий

Описание

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
runcfixed1.1.5+ds1-1package
runcfixed1.0.0~rc93+ds1-5+deb11u5bullseyepackage

Примечания

  • https://github.com/opencontainers/runc/issues/3751

  • https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334

  • https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9

  • Issue exists because of a CVE-2019-19921 regression introduced by the fix for CVE-2021-30465.

  • Pull Request: https://github.com/opencontainers/runc/pull/3773

  • Fixed by: https://github.com/opencontainers/runc/commit/0abab45c9b97c113ff2cdc16f3a7388444c3fbec (v1.1.5)

EPSS

Процентиль: 30%
0.00107
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-27561

CVSS3: 7
ubuntu
больше 2 лет назад

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

redhat логотип

CVE-2023-27561

CVSS3: 7
redhat
больше 2 лет назад

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

nvd логотип

CVE-2023-27561

CVSS3: 7
nvd
больше 2 лет назад

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

msrc логотип

CVE-2023-27561

CVSS3: 7
msrc
больше 2 лет назад

Описание отсутствует

github логотип

GHSA-vpvm-3wq2-2wvm

CVSS3: 7
github
больше 2 лет назад

Opencontainers runc Incorrect Authorization vulnerability

EPSS

Процентиль: 30%
0.00107
Низкий