Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges.