漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Docker Sandboxes ICMP egress restriction bypass after daemon restart
Vulnerability Description
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
CVSS Information
N/A
Vulnerability Type
通信信道对预期端点的不适当限制
Vulnerability Title
Docker Sandboxes 资源管理错误漏洞
Vulnerability Description
Docker Docker Sandboxes是美国Docker公司的一个容器沙箱隔离环境。 Docker Sandboxes 0.14.0版本至0.33.0之前版本存在安全漏洞,该漏洞源于在网络创建时仅应用授权器,在守护进程重启后未对从磁盘重建的网络重新应用授权,导致重启后持久化的沙箱可转发ICMP至任意主机,可能使沙箱内工作负载绕过ICMP出口限制,进行网络侦察并通过ICMP隐蔽通道泄露数据。
CVSS Information
N/A
Vulnerability Type
N/A