‘Leaky Vessels’ Cloud Flaws Enable Container Escapes Worldwide

 

Researchers discovered a set of four vulnerabilities in container engine components, dubbed “Leaky Vessels,” three of which allow attackers to escape from containers and perform malicious operations on the host system.

One of the vulnerabilities, CVE-2024-21626, affects runC, a lightweight container runtime for Docker and other container environments. It is the most critical of the four vulnerabilities, with a severity score of 8.6. According to Rory McNamara, a staff security researcher at Snyk (which identified the flaws and reported them to Docker), the runC bug allows container escape at both build time and runtime.

In worst-case scenarios, a hacker who acquires unauthorised access to an underlying host operating system may be able to access anything else running on the same host, including critical credentials that allow the adversary to launch new attacks.

“Since this vulnerability affects anybody using containers to build applications — essentially every cloud-native developer worldwide — unchecked access could potentially compromise entire Docke

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
