Thursday, May 27, 2021

Red Hat OpenShift: CVE-2021-30465: runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.
  • linuxrpm-upgrade-runc

  • References
  • CVE - 2021-30465
  • RHSA-2021:1562


    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated