Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Harden-Runner Evasion of 'disable-sudo' policy
Vulnerability Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
特权链锁
Vulnerability Title
Harden-Runner 安全漏洞
Vulnerability Description
Harden-Runner是StepSecurity开源的一个程序。为 GitHub 托管和自托管的跑步者提供网络出口过滤和运行时安全。 Harden-Runner 0.12.0至2.12.0之前版本存在安全漏洞,该漏洞源于disable-sudo策略可能被绕过,导致攻击者通过docker组恢复root访问权限。
CVSS Information
N/A
Vulnerability Type
N/A