Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges.
Continue reading...
Continue reading...