Untriaged
Cri-o: malicious container can create symlink on host
A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Affected products
cri-o
- <1.29.5
- *
- <1.30.1
- <1.28.7
rhcos
- *
conman
conmon
kernel
- *
openshift
- *
container-tools:rhel8/podman
Matching in nixpkgs
pkgs.cri-o
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
-
nixos-unstable -
- nixpkgs-unstable 1.34.0
pkgs.cri-o-unwrapped
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
-
nixos-unstable -
- nixpkgs-unstable 1.34.0
Package maintainers
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>