2 matches found
CVE-2022-27650
CVE-2022-27650 describes a flaw where crun (and related components used by container runtimes like Moby/Docker Engine) can cause containers to start with non-empty default inheritable capabilities. The issue enables an attacker who has access to programs with inheritable file capabilities to elev...
CVE-2019-18837
CVE-2019-18837 affects crun prior to 0.10.5. A crafted image can bypass target-symlink checks, granting access to files outside the container via the codepaths in libcrun/linux.c and libcrun/chroot_realpath.c. The vulnerability has multiple vendor/advisory references (Red Hat, Debian, OSV, CVE li...