Related Articles
Detectify achieves advanced technology partner status with AWS
Detectify is excited to be recognized as an advanced technology partner at Amazon Web Services (AWS). The Sweden-based IT security company has also been granted…
Detectify continues consolidating its authority in G2’s security categories
TL/DR. Detectify’s solution has been recognized by the G2 Fall Report 2022 as a Leader in the categories Website Security (ranking #1), Penetration Testing, and…
OWASP TOP 10: Cross-site Scripting – XSS
Table of Contents Description Prevalence Potential impact of cross-site scripting vulnerabilities Exploitability Well-known events How to discover cross-site scripting How Detectify can help Code example…
Impact
When using
--userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under/var/lib/docker/that cause writing files with extended privileges.Patches
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
Credits
Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @BassMatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com