9 matches found
EUVD-2022-15292
Malicious code in bioql PyPI...
Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
The "hotpatch" released by Amazon Web Services AWS in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch...
Privilege Escalation
github.com/bottlerocket-os/hotdog is vulnerable to privilege escalation. The vulnerability exists in main function in main.go due to an incomplete fix for CVE-2021-3101, because the target JVM processor doesn't limit the resources and filters which allows an attacker to gain access on host and...
CVE-2021-3101
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container...
CVE-2021-3101
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container...
Design/Logic Flaw
Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked...
CVE-2022-0071
CVE-2022-0071 documents confirm an incomplete fix for CVE-2021-3101 in Hotdog prior to v1.0.2. The vulnerability arises because Hotdog did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. As a result, a container could exhaust host resources, modif...
CVE-2021-3101
CVE-2021-3101 concerns Hotdog (a Bottlerocket OCI hook) before v1.0.1. It did not mimic the capabilities/SELinux label of the target JVM process, enabling a container to gain full privileges on the host and bypass container restrictions. Affected component: Hotdog (prior to 1.0.1); exploitation c...
CVE-2021-3101 Hotdog Container Escape
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container...