Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iridium-soda/container-escape-exploits
整理容器逃逸相关的漏洞和exploits.
https://github.com/iridium-soda/container-escape-exploits
Last synced: 3 months ago
JSON representation
整理容器逃逸相关的漏洞和exploits.
- Host: GitHub
- URL: https://github.com/iridium-soda/container-escape-exploits
- Owner: iridium-soda
- Created: 2024-03-20T10:19:39.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-04-08T03:48:17.000Z (8 months ago)
- Last Synced: 2024-04-08T09:35:11.923Z (8 months ago)
- Language: C
- Size: 567 KB
- Stars: 5
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - iridium-soda/container-escape-exploits - 整理容器逃逸相关的漏洞和exploits. (C)
README
# container-escape-exploits
整理容器逃逸相关的漏洞和exploits.
## Misconfig
| Name | Category | PoC | Writeup |
|-----------------------|----------|------------------|-----------------------|
| SYS_MODULE Abuse | Docker | :white_check_mark: | Deprecated(temporarily) |
| SYS_ADMIN Abuse | Docker | :white_check_mark: | :white_check_mark: |
| MKNOD Abuse | Docker | | |
| Host Network Sniffing | Docker | | |
| UEVENT_HELPER Abuse | Docker | | |
| privileged-container | Docker | :white_check_mark: | :white_check_mark: |
| mount-docker-sock | Docker | :white_check_mark: | :white_check_mark: |
| mount-host-etc | Docker | :white_check_mark: | :white_check_mark: |
| Process Injection | Docker | :white_check_mark: | Deprecated |
| mount-var-log-k8s | K8s | :white_check_mark: | |
| mount-host-procfs-k8s | K8s | :white_check_mark: | |
| DAC_OVERRIDE | Docker | :white_check_mark: | :white_check_mark: |
## CVEs
| Name | Category | PoC | Checked |
|-----------------|----------|-------------------|------------------------------------------|
| CVE-2016-5195 | Kernel | :white_check_mark: | Failed due to unsupported vDSO version |
| CVE-2016-9962 | Docker | :white_check_mark: | Deprecated |
| CVE-2017-1000112 | Kernel | :white_check_mark: | Failed due to no bypass available |
| CVE-2017-1002101 | K8s | :white_check_mark: | |
| CVE-2017-7308 | Kernel | :white_check_mark: | Failed due to no matched kernel4.0.0-34 |
| CVE-2018-1002100 | K8s | | |
| CVE-2018-15664 | Docker | :white_check_mark: | Failed due to docker engine is too old |
| CVE-2018-18955 | Kernel | :white_check_mark: | [writeup](https://potassium.site/2024/04/a1808592721f.html) escalation only |
| CVE-2019-1002101 | K8s | | Failed due to no matched kernel4.0.0-34 |
| CVE-2019-11246 | K8s | | |
| CVE-2019-11249 | K8s | | |
| CVE-2019-11251 | K8s | | |
| CVE-2019-14271 | Docker | :white_check_mark: | [writeup](https://potassium.site/2024/04/f2a6aa1a36ec.html) |
| CVE-2019-16884 | Docker | | |
| CVE-2019-5736 | Docker | :white_check_mark: | [writeup](https://potassium.site/2024/04/6bebfe1479d2.html) |
| CVE-2020-14386 | Kernel | | |
| CVE-2020-15257 | Docker | :white_check_mark: | Failed due to docker engine is too old |
| CVE-2020-27151 | Kata | | |
| CVE-2020-8555 | K8s | | |
| CVE-2021-22555 | Kernel | :white_check_mark: | Failed - poc didn't work |
| CVE-2021-25741 | K8s | | |
| CVE-2021-30465 | K8s | | |
| CVE-2022-0185 | Kernel | :white_check_mark: | [writeup](https://potassium.site/2024/04/343c2d2fd083.html) escalation only |
| CVE-2022-0492 | Docker | :white_check_mark: | [writeup](https://potassium.site/2024/04/aee7ce293157.html) |
| CVE-2022-0811 | K8s | | |
| CVE-2022-0847 | Docker | :white_check_mark: | [writeup](https://potassium.site/2024/04/f4e70fb0eb58.html)escalation only |
|CVE-2022-1227|Podman| :white_check_mark: | [writeup](https://github.com/iridium-soda/CVE-2022-1227_Exploit) |