Vulnerabilities tagged "cloud"

Container escape on public GitLab CI Runners

Container escape within GitLab CI Runners abusing cgroup's `release_agent` functionality as CI jobs are allowed to mount file-systems.The `release_agent` is a script that will be executed when a cgroup heirachy becomes empty...

cr8escape: New Vulnerability in CRI-O Container Engine [CVE-2022-0811]

Simple container escape compared to several we've covered in the past, the `sysctls` passed into the `pinns` utility are delimited by a `+` which can be maliciously included in a value to inject otherwise blocked `sysctls`. There is some minimal validation on the `sysctls` being passed in to ensure the keys don't match any sensitive keys, however an attacker can set a value to `+sensitive.key=othervalue` to smuggle in a blocked option.