runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/opencontainers/runc(Go) | 0 | 1.0.0-rc9.0.20200122160610-2fc03cc11c77 | N/A |
CVSS Metrics
