Vulnerabilities tagged 'cloud'

Container escape on public GitLab CI Runners

Container escape within GitLab CI Runners abusing cgroup’s release_agent functionality as CI jobs are allowed to mount file-systems.The release_agent is a script that will be executed when a cgroup heirachy becomes empty…


cr8escape: New Vulnerability in CRI-O Container Engine [CVE-2022-0811]

Simple container escape compared to several we’ve covered in the past, the sysctls passed into the pinns utility are delimited by a + which can be maliciously included in a value to inject otherwise blocked sysctls. There is some minimal validation on the sysctls being passed in to ensure the keys don’t match any sensitive keys, however an attacker can set a value to +sensitive.key=othervalue to smuggle in a blocked option.