module
Docker Privileged Container Escape
| Disclosed |
|---|
| Jul 17, 2019 |
Disclosed
Jul 17, 2019
Description
This module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release
feature. This exploit should work against any container started with the following flags: `--cap-add=SYS_ADMIN`, `--privileged`.
feature. This exploit should work against any container started with the following flags: `--cap-add=SYS_ADMIN`, `--privileged`.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.