CVE-2019-10147

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.

• CVE ID
• CVE-2019-10147

• Assigner
• secalert@redhat.com

• Vulnerability Status
• Analyzed

• Published Version
• 2019-06-03T19:29:01

• Last Modified Date
• 2020-09-30T14:21:13

• Version
• 2.0

• Vector String
• AV:L/AC:M/Au:N/C:C/I:C/A:C

• Access Vector
• LOCAL

• Access Compatibility
• MEDIUM

• Authentication
• NONE

• Confidentiality Impact
• COMPLETE

• Integrity Impact
• COMPLETE

• Availability Impact
• COMPLETE

• Base Score
• 6.9

• Severity
• MEDIUM

• Exploitability Score
• 3.4

• Impact Score
• 10

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• HIGH

• User Interaction
• REQUIRED

• Scope
• CHANGED

• Confidentiality Impact
• HIGH

• Availability Impact
• HIGH

• Base Score
• 7.7

• Base Severity
• HIGH

• Exploitability Score
• 1.1

• Impact Score
• 6