CVE-2019-10147 is a vulnerability in Red Hat Rkt
Published on June 3, 2019
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2019-10147
Want to know whenever a new CVE is published for Red Hat Rkt? stack.watch will email you.
Affected Versions
[UNKNOWN] rkt Version 1.30.0 is affected by CVE-2019-10147Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.