CVE-2023-28642: Improper Preservation of Permissions
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc
inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc
. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
References
Detect and mitigate CVE-2023-28642 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →