Redhat RKT Information Disclosure Vulnerability
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
The information has been provided by Yuval Avrahami
The original article can be found at: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
Redhat RKT is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application
- Redhat RKT 1.30.0