Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incus vulnerable to local privilege escalation through custom storage volumes
Vulnerability Description
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Incus 安全漏洞
Vulnerability Description
Incus是LXC开源的一个系统容器和虚拟机管理器。 Incus 6.0.6之前版本和6.19.0之前版本存在安全漏洞,该漏洞源于未正确限制自定义存储卷的权限,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A