Impact
When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem, they can modify files under /var/lib/docker/ that cause writing files with extended privileges.
Patches
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
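A host check built on the two patched versions named above, as an added example that is not part of the advisory or of Docker's own tooling: it classifies an engine version string together with the daemon's userns-remap setting. The function names and the choice to treat releases older than the 19.03 line as unpatched are assumptions of this example.

```python
import json
import re

# Patched releases named in the advisory above.
PATCHED_19_03 = (19, 3, 15)
PATCHED_20_10 = (20, 10, 3)

def parse_version(text):
    """Return (major, minor, patch) from strings like '20.10.2' or '19.03.14~3-0~ubuntu'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(version_text):
    """True if the engine version carries the fix.

    Assumption: releases older than the 19.03 line got no backport, so they count as unpatched.
    """
    v = parse_version(version_text)
    if v[:2] == (19, 3):
        return v >= PATCHED_19_03
    return v >= PATCHED_20_10

def userns_remap_enabled(daemon_json_text="", dockerd_args=()):
    """True if userns-remap is set in daemon.json content or on the dockerd command line."""
    if daemon_json_text.strip():
        cfg = json.loads(daemon_json_text)
        if isinstance(cfg, dict) and cfg.get("userns-remap"):
            return True
    return any(a == "--userns-remap" or a.startswith("--userns-remap=")
               for a in dockerd_args)

def assess(version_text, daemon_json_text="", dockerd_args=()):
    """Classify a host as 'patched', 'exposed' (unpatched with remapping on) or 'unpatched-no-remap'."""
    if is_patched(version_text):
        return "patched"
    if userns_remap_enabled(daemon_json_text, dockerd_args):
        return "exposed"
    return "unpatched-no-remap"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_cfg = '{"userns-remap": "default", "log-driver": "json-file"}'
    for ver in ("19.03.14", "19.03.15", "20.10.2", "20.10.3"):
        print(ver, assess(ver, sample_cfg))
```

On a real host the inputs can come from `docker version --format '{{.Server.Version}}'`, the contents of /etc/docker/daemon.json, and the dockerd process arguments.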
Credits
Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @BassMatt, @mark-adams, @dbaxa for working on it; and Zac Ellis for responsibly disclosing it to security@docker.com.