On Thu, Apr 27, 2023 at 1:39 AM Moritz Mühlenhoff <j...@inutil.org> wrote:
>
> Source: docker.io
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for docker.io.
>
> CVE-2022-37708[0]:
> | Docker version 20.10.15, build fd82621 is vulnerable to Insecure
> | Permissions. Unauthorized users outside the Docker container can
> | access any files within the Docker container.
>
> The only reference here seems to be
> upstream: https://github.com/thekevinday/docker_lightman_exploit
>
> Not sure if this was reported upstream

I have talked to Tianon on 2023-02-28, and we concluded that it's not a
security issue, just working as expected. Tianon said he will ask someone
inside the Docker company. Not sure if they have successfully invalidated
this CVE.

--
Shengjing Zhu