Thursday, May 27, 2021

Red Hat OpenShift: CVE-2021-30465: runc: vulnerable to symlink exchange attack

rapid7 vulnerabilities In: , 
Description
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.    
Solution(s)
  • linuxrpm-upgrade-runc


    • References
  • https://attackerkb.com/topics/cve-2021-30465
  • CVE - 2021-30465
  • RHSA-2021:1562




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore