user Open this link in a new tab package, versions <0.1.0

Attack Complexity

Low
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-GOLANG-GITHUBCOMOPENCONTAINERSRUNCLIBCONTAINERUSER-50037
published

24 Mar 2016
disclosed

24 Mar 2016
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 24 Mar 2016

CVE-2016-3697 Open this link in a new tab CWE-264 Open this link in a new tab

Overview

Affected version of github.com/opencontainers/runc/libcontainer/user are vulnerable to Privilege Elevation. libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Privilege Elevation Affecting github.com/opencontainers/runc/libcontainer/user Open this link in a new tab package, versions <0.1.0

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

credit

Introduced: 24 Mar 2016

Overview

References