Improper Privilege Management Affecting github.com/containerd/containerd/pkg/process Open this link in a new tab package, versions <1.3.0-beta.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
28 Nov 2019
26 Nov 2018
Introduced: 26 Nov 2018CWE-269 Open this link in a new tab
How to fix?
github.com/containerd/containerd/pkg/process to version 1.3.0-beta.0 or higher.
github.com/containerd/containerd/pkg/process is an open and reliable container runtime.
Affected versions of this package are vulnerable to Improper Privilege Management. Due to the usage of
unix.Kill to kill a exec process, the pid in execProcess does not get deleted after a exec process has been stopped. Under certain conditions, it might be possible to for unprivileged process reuse generated pid and gain access to its privileges.