Vulnerability Information
Vulnerability Title
Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
Vulnerability Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
CWE-61
Vulnerability Title
Firecracker security vulnerability
Vulnerability Description
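Firecracker is an open-source microVM from firecracker-microvm for serverless computing. Firecracker v1.13.1 and earlier and version 1.14.0 contain a security vulnerability caused by a UNIX symbolic link following issue in the jailer component, which may allow a local host user to overwrite arbitrary host files.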
CVSS Information
N/A
Vulnerability Type
N/A
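The symlink-following class described above (CWE-61), shown as an added example that is not Firecracker's code or its actual fix: a copy into a directory another user can write to, first with a destination open that follows a planted symlink, then with an exclusive create that refuses it. The directory layout, file names and function names are constructed for illustration.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::symlink;
use std::path::Path;

/// Naive copy: the destination is opened with create+truncate, so a symlink
/// sitting at `dst` is followed and its target is overwritten.
fn copy_naive(src: &Path, dst: &Path) -> io::Result<()> {
    fs::copy(src, dst).map(|_| ())
}

/// Hardened copy: create_new maps to O_CREAT|O_EXCL, which fails with
/// AlreadyExists if anything exists at `dst`, including a symlink.
fn copy_exclusive(src: &Path, dst: &Path) -> io::Result<()> {
    let data = fs::read(src)?;
    let mut out = OpenOptions::new().write(true).create_new(true).open(dst)?;
    out.write_all(&data)
}

/// Constructed scenario in a private temp dir. Returns the outside file's
/// content after the naive copy, its content after the hardened copy, and
/// whether the hardened copy was refused.
fn demo() -> io::Result<(String, String, bool)> {
    let root = std::env::temp_dir().join(format!("jail-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    let jail = root.join("jail"); // stands in for a pre-created, user-writable directory
    fs::create_dir_all(&jail)?;
    let src = root.join("payload.bin");
    let outside = root.join("host-file"); // stands in for a file outside the jail
    fs::write(&src, "NEW")?;
    fs::write(&outside, "ORIGINAL")?;

    let dst = jail.join("payload.bin");
    symlink(&outside, &dst)?; // entry planted at the copy destination
    copy_naive(&src, &dst)?;
    let after_naive = fs::read_to_string(&outside)?;

    fs::write(&outside, "ORIGINAL")?; // reset, then retry with the exclusive create
    let refused = matches!(copy_exclusive(&src, &dst),
                           Err(e) if e.kind() == io::ErrorKind::AlreadyExists);
    let after_hardened = fs::read_to_string(&outside)?;
    fs::remove_dir_all(&root)?;
    Ok((after_naive, after_hardened, refused))
}

fn main() {
    let (naive, hardened, refused) = demo().expect("demo failed");
    println!("naive: {naive}, hardened: {hardened}, refused: {refused}");
}
```

The exclusive create only protects the final path component; a symlinked parent directory needs separate handling, such as resolving each component relative to an already-opened directory descriptor.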