The impact is increased by this as described before. by injecting malware into the docker images that are built and pushed to Docker Hub. Since has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. Attackers need to have an account (or be able to register one) and need permission to create a project. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. var/run/docker.sock on Linux) is mounted into each Docker step. When using Docker-based job executors, the Docker socket (e.g.
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.Ī use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. The recommended sudoers configuration for Vagrant on Linux is insecure. An issue was discovered in Hashicorp Packer before 2.3.1.
0 kommentar(er)
