6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
7.2%
github.com/opencontainers/runc is vulnerable to Improper Access Control. The vulnerability exists because the rootless runc makes /sys/fs/cgroup
writable when runc is executed inside the user namespace, and the config.json
does not specify the cgroup namespace to be unshared (e.gโฆ, (docker|podman|nerdctl) run --cgroupns=host
, with Rootless Docker/Podman/nerdctl) or when runc is executed outside the user namespace, and /sys
is mounted with rbind
and ro
(e.g., runc spec --rootless
; this condition is very rare), which allows an attacker to gain the write access to user-owned cgroup hierarchy /sys/fs/cgroup/user.slice/...
on the host.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/opencontainers/runc | le | v1.1.3 | |
github.com/opencontainers/runc | le | v1.1.3 |
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
7.2%