Docker before 19.03.15 and 20.10.3 is vulnerable to privilege escalation when the daemon runs with the --userns-remap
option (CVE-2021-21284, GHSA-7452-xqpj-6rpc). If the root user inside the remapped user namespace also has access to
the host filesystem, it can modify files under /var/lib/docker/ in a way that causes files to be written with extended
privileges, escalating from remapped root to real root on the host. Docker 19.03.15 and 20.10.3 contain the fix
(moby commit 64bd4485b3a66a597c02c95f5776395e540b2c7c); the daemon is only exposed while --userns-remap is in use.
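Added triage helper, example code that is not part of the advisory or the moby project: a POSIX shell script that decides from a Docker version string whether the CVE-2021-21284 fix is present (fixed releases 19.03.15 and 20.10.3, per the release tags linked below) and greps a daemon.json for a non-empty userns-remap setting. The function names are this example's own, the sample daemon.json is constructed, and the config check is a plain grep that only inspects daemon.json, so a --userns-remap flag passed on the dockerd command line is not detected.

```shell
#!/bin/sh
# Added triage helper for CVE-2021-21284 (example code, not from the advisory
# or the moby project). Fixed releases per the linked tags: 19.03.15, 20.10.3.

# version_ge A B: exit 0 if dotted version A >= B, comparing numerically
# component by component ("03" == "3"; missing components count as 0).
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { n = split($0, a, ".") }
        NR == 2 {
            m = split($0, b, ".")
            k = (n > m) ? n : m
            for (i = 1; i <= k; i++) {
                x = (i <= n) ? a[i] + 0 : 0
                y = (i <= m) ? b[i] + 0 : 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}

# cve_2021_21284_status VERSION: print "fixed" or "affected".
# Accepts "v20.10.3-ce" style strings; the v prefix and any suffix are stripped.
cve_2021_21284_status() {
    v=$(printf '%s' "$1" | sed 's/^v//; s/[^0-9.].*//')
    if version_ge "$v" 20.10.3; then
        echo fixed              # 20.10.3 and anything newer
    elif version_ge "$v" 20.0; then
        echo affected           # 20.10.0 - 20.10.2
    elif version_ge "$v" 19.03.15; then
        echo fixed              # 19.03.15, the patched 19.03 release
    else
        echo affected           # anything older than 19.03.15
    fi
}

# daemon_uses_userns_remap JSON_TEXT: exit 0 if daemon.json sets a non-empty
# "userns-remap" value. Assumption: a crude grep, not a JSON parser; it does
# not see a --userns-remap flag given on the dockerd command line.
daemon_uses_userns_remap() {
    printf '%s' "$1" | grep -Eq '"userns-remap"[[:space:]]*:[[:space:]]*"[^"]+"'
}

# cve_2021_21284_triage VERSION JSON_TEXT: one-line verdict combining both checks.
cve_2021_21284_triage() {
    st=$(cve_2021_21284_status "$1")
    if [ "$st" = affected ] && daemon_uses_userns_remap "$2"; then
        echo "VULNERABLE: Docker $1 with userns-remap enabled; upgrade to 19.03.15 / 20.10.3 or later"
    elif [ "$st" = affected ]; then
        echo "UNPATCHED: Docker $1 lacks the fix; userns-remap not set in daemon.json (check dockerd flags too)"
    else
        echo "OK: Docker $1 contains the fix for CVE-2021-21284"
    fi
}

# Constructed sample daemon.json for offline demonstration (not from a real host).
SAMPLE_DAEMON_JSON='{ "userns-remap": "default", "log-driver": "json-file" }'

# Stand-alone use on a host:
#   sh triage.sh "$(docker version --format '{{.Server.Version}}')"
if [ $# -ge 1 ]; then
    cfg=$(cat /etc/docker/daemon.json 2>/dev/null || true)
    cve_2021_21284_triage "$1" "$cfg"
else
    cve_2021_21284_triage 20.10.2 "$SAMPLE_DAEMON_JSON"
fi
```

The version comparison is done numerically per component so that 19.03.15 sorts below 20.10.3 and 20.10.10 sorts above 20.10.3, which a plain string compare gets wrong. Because the fix landed on two branches, the status function checks the 20.10 line first and falls back to the 19.03 line; a version in the 20.x range below 20.10.3 is affected even though it is numerically above 19.03.15.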
docs.docker.com/engine/release-notes/#20103
github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
github.com/moby/moby/releases/tag/v19.03.15
github.com/moby/moby/releases/tag/v20.10.3
github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
security-tracker.debian.org/tracker/CVE-2021-21284
security.gentoo.org/glsa/202107-23
security.netapp.com/advisory/ntap-20210226-0005/
www.debian.org/security/2021/dsa-4865