CVE-2019-10144

Summary

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]rkt1.30.0affected

Weaknesses

  • CWE-250: CWE-250

ADP Enrichment

CVE Program Container

Additional References

References