Lucene search
K

8 matches found

NVD
NVD
added 2026/06/28 2:16 a.m.11 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.8 views

EUVD-2026-39973

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.9 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.59 views

CVE-2026-58053

Gitea act_runner (Docker backend) up to act 0.262.0 is vulnerable: the workflow.container.options are merged into the Docker job container HostConfig, and if privileged is set to false, only the Privileged flag is disabled while options such as --pid=host, --cap-add, and --security-opt remain. A ...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.6 views

PT-2023-9077 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.10.6 Traefik versions prior to 3.0.0-beta5 Description: The issue is related to the Traefik docker container using 100% CPU when it serves as its own backend, resulting from the Docker integration in the default...

8.1CVSS6.5AI score0.99999EPSS
Exploits23References67
OSV
OSV
added 2023/04/27 8:15 p.m.4 views

CVE-2022-34292

Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...

7.1CVSS5.8AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.5 views

PT-2023-2594 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...

7.1CVSS6.9AI score0.00332EPSS
Exploits0References7
Rows per page
Query Builder