VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5wce-1ywg-aaam

Essentials
Severities (142)
References (60)
Severity details (48)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-5wce-1ywg-aaam
Aliases	CVE-2019-19921 GHSA-fh74-hm69-rqjw
Summary	runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-706	Use of Incorrectly-Resolved Name or Reference
CWE-41	Improper Resolution of Path Equivalence
CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

System	Score	Found at
cvssv3.1	5.9	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19921.html
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2020:0688
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2020:0688
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2020:0695
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2020:0695
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0942
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1485
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1650
cvssv3	7.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19921.json
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
epss	0.00267	https://api.first.org/data/v1/epss?cve=CVE-2019-19921
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1796107
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
cvssv3.1	7.0	https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
generic_textual	HIGH	https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
cvssv3.1	5.9	https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
cvssv3.1	5.9	https://github.com/opencontainers/runc/issues/2197
generic_textual	MODERATE	https://github.com/opencontainers/runc/issues/2197
cvssv3.1	5.9	https://github.com/opencontainers/runc/pull/2190
generic_textual	MODERATE	https://github.com/opencontainers/runc/pull/2190
cvssv3.1	5.9	https://github.com/opencontainers/runc/pull/2207
generic_textual	MODERATE	https://github.com/opencontainers/runc/pull/2207
cvssv3.1	7.6	https://github.com/opencontainers/runc/releases
generic_textual	HIGH	https://github.com/opencontainers/runc/releases
cvssv3.1	5.9	https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
generic_textual	MODERATE	https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
cvssv3.1	7.0	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
cvssv3.1	7.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
cvssv3.1	7.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
cvssv3.1	7.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
cvssv3.1	7.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
cvssv3.1	7.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
cvssv2	4.4	https://nvd.nist.gov/vuln/detail/CVE-2019-19921
cvssv3	7.0	https://nvd.nist.gov/vuln/detail/CVE-2019-19921
cvssv3.1	7.0	https://nvd.nist.gov/vuln/detail/CVE-2019-19921
cvssv3.1	5.9	https://pkg.go.dev/vuln/GO-2021-0087
generic_textual	MODERATE	https://pkg.go.dev/vuln/GO-2021-0087
cvssv3.1	5.9	https://security.gentoo.org/glsa/202003-21
generic_textual	MODERATE	https://security.gentoo.org/glsa/202003-21
cvssv3.1	5.9	https://security-tracker.debian.org/tracker/CVE-2019-19921
generic_textual	MODERATE	https://security-tracker.debian.org/tracker/CVE-2019-19921
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4297-1
cvssv3.1	5.9	https://usn.ubuntu.com/4297-1
generic_textual	MODERATE	https://usn.ubuntu.com/4297-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4297-1

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19921.html
		https://access.redhat.com/errata/RHSA-2020:0688
		https://access.redhat.com/errata/RHSA-2020:0695
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19921.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-19921
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
		https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
		https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
		https://github.com/opencontainers/runc/issues/2197
		https://github.com/opencontainers/runc/pull/2190
		https://github.com/opencontainers/runc/pull/2207
		https://github.com/opencontainers/runc/releases
		https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
		https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
		https://pkg.go.dev/vuln/GO-2021-0087
		https://security.gentoo.org/glsa/202003-21
		https://security-tracker.debian.org/tracker/CVE-2019-19921
		https://ubuntu.com/security/notices/USN-4297-1
		https://usn.ubuntu.com/4297-1
		https://usn.ubuntu.com/4297-1/
		https://usn.ubuntu.com/usn/usn-4297-1
1796107		https://bugzilla.redhat.com/show_bug.cgi?id=1796107
cpe:2.3:a:linuxfoundation:runc::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc::::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8::::::
cpe:2.3:a:linuxfoundation:runc:1.0.0:rc9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:1.0.0:rc9::::::
cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.2:::::::*
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
CVE-2019-19921		https://nvd.nist.gov/vuln/detail/CVE-2019-19921
RHSA-2020:0942		https://access.redhat.com/errata/RHSA-2020:0942
RHSA-2020:1485		https://access.redhat.com/errata/RHSA-2020:1485
RHSA-2020:1650		https://access.redhat.com/errata/RHSA-2020:1650
USN-6088-2		https://usn.ubuntu.com/6088-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://access.redhat.com/errata/RHSA-2020:0688

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://access.redhat.com/errata/RHSA-2020:0695

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19921.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://github.com/opencontainers/runc/issues/2197

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://github.com/opencontainers/runc/pull/2190

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://github.com/opencontainers/runc/pull/2207

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Found at https://github.com/opencontainers/runc/releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19921

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19921

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19921

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://pkg.go.dev/vuln/GO-2021-0087

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://security.gentoo.org/glsa/202003-21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://security-tracker.debian.org/tracker/CVE-2019-19921

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U Found at https://usn.ubuntu.com/4297-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.18077
EPSS Score	0.00046
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.