Privilege Elevation Affecting github.com/opencontainers/runc/libcontainer/user Open this link in a new tab package, versions <0.1.0


0.0
high
  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMOPENCONTAINERSRUNCLIBCONTAINERUSER-50037

  • published

    24 Mar 2016

  • disclosed

    24 Mar 2016

  • credit

    Unknown

Overview

Affected version of github.com/opencontainers/runc/libcontainer/user are vulnerable to Privilege Elevation. libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.