Impact
When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem, they can modify files under /var/lib/docker/ that cause files to be written with extended privileges.
Patches
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from the remapped user.
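
One way to check a host against the patched versions above, as an added example that is not part of the advisory or Docker's own tooling. The function names and result labels are hypothetical, and treating release lines newer than 20.10 as fixed is an assumption.

```sh
#!/bin/sh
# Added example, not Docker's code. Patched versions (19.03.15, 20.10.3)
# come from the advisory; the result labels are made up for this sketch.

# Strip leading zeros so "03" compares as decimal 3 in every shell.
num() {
    n=$1
    while [ "${n#0}" != "$n" ] && [ -n "${n#0}" ]; do n=${n#0}; done
    echo "$n"
}

# classify_engine VERSION SECURITY_OPTIONS
# Echoes: userns-remap-off | patched | vulnerable | no-patch-listed | unparseable
classify_engine() {
    case $2 in
        *name=userns*) ;;                      # --userns-remap is active
        *) echo "userns-remap-off"; return 0 ;;
    esac
    v=${1#v}
    v=${v%%[-+~]*}                             # drop "-ce", "-rc1", "+azure"
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unparseable"; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -ge 3 ] || { echo "unparseable"; return 0; }
    line=$(( $(num "$1") * 100 + $(num "$2") ))
    patch=$(num "$3")
    if [ "$line" -gt 2010 ]; then
        echo "patched"      # assumption: later release lines carry the fix
    elif [ "$line" -eq 2010 ]; then
        if [ "$patch" -ge 3 ]; then echo "patched"; else echo "vulnerable"; fi
    elif [ "$line" -eq 1903 ]; then
        if [ "$patch" -ge 15 ]; then echo "patched"; else echo "vulnerable"; fi
    else
        echo "no-patch-listed"   # the advisory names no fix for this line
    fi
}

# Query the local daemon; call this by hand on a Docker host.
check_local_daemon() {
    classify_engine \
        "$(docker version --format '{{.Server.Version}}')" \
        "$(docker info --format '{{.SecurityOptions}}')"
}
```

A result of userns-remap-off means only that the condition described under Impact is not met on that daemon.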
Credits
Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @BassMatt, @mark-adams, and @dbaxa for working on it; and Zac Ellis for responsibly disclosing it to security@docker.com.