Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
privilege escalation in Moby
Vulnerability Description
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Docker 路径遍历漏洞
Vulnerability Description
Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker 9.03.15 版本之前和 20.10.3 版本存在路径遍历漏洞,该漏洞源于被映射的命名空间中的根用户可以访问主机文件系统。
CVSS Information
N/A
Vulnerability Type
N/A