CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19921

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.6%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 4.4

References

Products affected by CVE-2019-19921

Linuxfoundation » Runc » Version: N/A

cpe:2.3:a:linuxfoundation:runc:-
Linuxfoundation » Runc » Version: 0.0.1

cpe:2.3:a:linuxfoundation:runc:0.0.1
Linuxfoundation » Runc » Version: 0.0.2

cpe:2.3:a:linuxfoundation:runc:0.0.2
Linuxfoundation » Runc » Version: 0.0.2.1

cpe:2.3:a:linuxfoundation:runc:0.0.2.1
Linuxfoundation » Runc » Version: 0.0.3

cpe:2.3:a:linuxfoundation:runc:0.0.3
Linuxfoundation » Runc » Version: 0.0.4

cpe:2.3:a:linuxfoundation:runc:0.0.4
Linuxfoundation » Runc » Version: 0.0.5

cpe:2.3:a:linuxfoundation:runc:0.0.5
Linuxfoundation » Runc » Version: 0.0.6

cpe:2.3:a:linuxfoundation:runc:0.0.6
Linuxfoundation » Runc » Version: 0.0.7

cpe:2.3:a:linuxfoundation:runc:0.0.7
Linuxfoundation » Runc » Version: 0.0.8

cpe:2.3:a:linuxfoundation:runc:0.0.8
Linuxfoundation » Runc » Version: 0.0.9

cpe:2.3:a:linuxfoundation:runc:0.0.9
Linuxfoundation » Runc » Version: 0.1.0

cpe:2.3:a:linuxfoundation:runc:0.1.0
Linuxfoundation » Runc » Version: 0.1.1

cpe:2.3:a:linuxfoundation:runc:0.1.1
Linuxfoundation » Runc » Version: 1.0.0

cpe:2.3:a:linuxfoundation:runc:1.0.0
Redhat » Openshift Container Platform » Version: 4.1

cpe:2.3:a:redhat:openshift_container_platform:4.1
Redhat » Openshift Container Platform » Version: 4.2

cpe:2.3:a:redhat:openshift_container_platform:4.2
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 19.10

cpe:2.3:o:canonical:ubuntu_linux:19.10
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19921

Products

Pricing

Contact Us