漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AppArmor bypass with symlinked /proc in runc
Vulnerability Description
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
权限预留不恰当
Vulnerability Title
runc 后置链接漏洞
Vulnerability Description
runc是一款用于根据OCI规范生成和运行容器的CLI(命令行界面)工具。 runc 1.1.5之前版本存在安全漏洞,该漏洞源于当容器内的/proc与特定的挂载配置进行符号链接时可以绕过AppArmor。
CVSS Information
N/A
Vulnerability Type
N/A