7
CVE-2019-19921
- EPSS 0.24%
- Published 12.02.2020 15:15:12
- Last modified 21.11.2024 04:35:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Data is provided by the National Vulnerability Database (NVD)
Linuxfoundation ≫ Runc Version <= 0.1.1
Linuxfoundation ≫ Runc Version1.0.0 Updaterc1
Linuxfoundation ≫ Runc Version1.0.0 Updaterc2
Linuxfoundation ≫ Runc Version1.0.0 Updaterc3
Linuxfoundation ≫ Runc Version1.0.0 Updaterc4
Linuxfoundation ≫ Runc Version1.0.0 Updaterc5
Linuxfoundation ≫ Runc Version1.0.0 Updaterc6
Linuxfoundation ≫ Runc Version1.0.0 Updaterc7
Linuxfoundation ≫ Runc Version1.0.0 Updaterc8
Linuxfoundation ≫ Runc Version1.0.0 Updaterc9
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Openshift Container Platform Version4.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.471 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-706 Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.