Impact
When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem, they can modify files under /var/lib/docker/ that cause writing files with extended privileges.
Patches
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from the remapped user.
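A host-side check for the two conditions above (userns-remap in use, engine older than the patched releases), added here as an example and not part of the advisory or the Docker project's code. The function names are hypothetical, and it assumes releases older than 19.03 are unfixed and that remapping is configured in daemon.json rather than on the dockerd command line.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for a Docker host.

# is_patched VERSION: 0 = fixed release, 1 = unfixed, 2 = unparseable.
# Fixed per the advisory: 19.03.15 and later 19.03.x, or 20.10.3 and later.
# Assumption: releases older than 19.03 are treated as unfixed.
is_patched() {
    v=${1#v}
    v=${v%%[-+~]*}                       # drop suffixes such as "-ce"
    case $v in ''|*[!0-9.]*) return 2 ;; esac
    IFS=. read -r major minor patch _rest <<EOF
$v
EOF
    [ -n "$major" ] || return 2
    minor=${minor:-0}; patch=${patch:-0}
    # "[" compares in decimal, so the "03" in 19.03 is not read as octal.
    if [ "$major" -eq 19 ] && [ "$minor" -eq 3 ]; then
        [ "$patch" -ge 15 ] && return 0
        return 1
    fi
    [ "$major" -gt 20 ] && return 0
    [ "$major" -lt 20 ] && return 1
    [ "$minor" -gt 10 ] && return 0
    [ "$minor" -lt 10 ] && return 1
    [ "$patch" -ge 3 ] && return 0
    return 1
}

# userns_remap_configured FILE: 0 if daemon.json sets a non-empty "userns-remap".
# A --userns-remap flag on the dockerd command line is not covered here.
userns_remap_configured() {
    [ -r "$1" ] && grep -Eq '"userns-remap"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"
}

# assess VERSION FILE: prints not-applicable, patched, exposed or unknown-version.
assess() {
    userns_remap_configured "$2" || { echo not-applicable; return 0; }
    rc=0; is_patched "$1" || rc=$?
    case $rc in 0) echo patched ;; 1) echo exposed ;; *) echo unknown-version ;; esac
}

# Demo on constructed input (not taken from a real host).
sample=$(mktemp)
printf '{ "userns-remap": "default" }\n' > "$sample"
for ver in 19.03.14 19.03.15 20.10.2 20.10.3; do
    printf '%s -> %s\n' "$ver" "$(assess "$ver" "$sample")"
done
rm -f "$sample"
```

On a live host the version argument can come from docker version --format '{{.Server.Version}}' and the file argument is typically /etc/docker/daemon.json.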
Credits
Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @BassMatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to [email protected]