On Wed, 26 Apr 2023 at 13:21, Shengjing Zhu <z...@debian.org> wrote:
> On Thu, Apr 27, 2023 at 1:39 AM Moritz Mühlenhoff <j...@inutil.org> wrote:
> >
> > Source: docker.io
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was published for docker.io.
> >
> > CVE-2022-37708[0]:
> > | Docker version 20.10.15, build fd82621 is vulnerable to Insecure
> > | Permissions. Unauthorized users outside the Docker container can
> > | access any files within the Docker container.
> >
> > The only reference here seems to be
> > upstream: https://github.com/thekevinday/docker_lightman_exploit
> >
> > Not sure if this was reported upstream
>
> I have talked to Tianon on 2023-02-28, and we concluded that it's not
> a security issue, just working as expected.
>
> Tianon said he will ask someone inside the Docker company. Not sure if
> they have successfully invalidated this CVE.

My colleague disputed it, but we apparently never heard back about the dispute. 🤷

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4