Redhat RKT 1.30.0 Information Disclosure Vulnerability


rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.


The information has been provided by Yuval Avrahami

The original article can be found at:


Redhat RKT is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

Vulnerable Systems:

  • Redhat RKT 1.30.0

CVE Information:


Disclosure Timeline:
Publish Date:06/03/2019

Categories: News