SecuritySpace - CVE-2023-28642

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2023-28642

Description: runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2023-28642
https://github.com/opencontainers/runc/pull/3785
https://github.com/opencontainers/runc/pull/3785
https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c

CVE ID:	CVE-2023-28642
Description:	runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2023-28642 https://github.com/opencontainers/runc/pull/3785 https://github.com/opencontainers/runc/pull/3785 https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c