Are you a Docker customer? If so, you should upgrade to the latest version of Docker immediately. Security researchers have detailed a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape. Learn more:
The CVE-2019-14271 flaw was fixed in Docker version 19.03.1, but if left unpatched could give an attacker full root code execution on the host.
“The vulnerability can be exploited, provided that a container has been compromised by a previous attack (e.g. through any other vulnerability, leaked secrets, etc.), or when a user runs a malicious container image from an untrusted source (registry or other),” explained Palo Alto Networks senior security researcher, Yuval Avrahami.
“If the user then executes the vulnerable cp command to copy files out of the compromised container, the attacker can escape and take full root control of the host and all other containers in it.”
The link for this article located at Infosecurity is no longer available.