in dompdf/dompdf

Description The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...

Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

GHSA-7638-R9R3-RMJJ Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

Information Disclosure

buildah is vulnerable to information disclosure. When using buildah bud with chroot isolation. Dockerfile RUN commands executed during rootless buildah bud execution can read environment variables from the host, which may include confidential information, such as container registry credentials...

CVE-2021-32769

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...

CVE-2021-32769

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...

Path traversal

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image.

...

CVE-2021-3602

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...

Advisory ROSA-SA-2021-1977

Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the "alloweduids" configuration parameter. If sensitive information was stored in a user's directory, it...

MGASA-2021-0282 Updated kernel packages fix security and other issues

The kernel update in MGASA-2021-0257 contained some security fixes that caused regressions in at least some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes. For more info...

Updated kernel-linus packages fix security and other issues

The kernel-linus update in MGASA-2021-0258 contained some security fixes that caused regressions in at least some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes. For more...

SUSE: Security Advisory (SUSE-SU-2019:2030-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora has an unspecified vulnerability

Fedora is a set of Linux operating systems from the Fedora community. A security vulnerability exists in Fedora's Mounting /proc filesystem, which can be exploited by an attacker to bypass the chroot environment and gain write access to files...

DEBIAN-CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...

CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...

CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...

CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...

Command injection

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...

CVE-2008-2544

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise...