A new container escape vulnerability just dropped. It gives an attacker the ability to hop from container to host OS via runc.
7
242
1K
153K
502
Download Gif
These demos show a container being able to read /etc/shadow via docker run or docker build commands. They're pulling specifically crafted images with the exploit preloaded
@mattjay ....you've able to achieve this same thing with docker run -v /dev/<drive>:/host_drive --privileged <image> since...ever?
@mattjay you mean a linux container breakout or a docker container breakout ?