2 matches found
CVE-2026-47833
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...
PT-2022-17991 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0 Description: The issue allows an attacker to overwrite administrator-writable files by creating a symlink where the installer writes its log file. This can be exploited when the Docker Desktop installer ...