Because of this flaw, an attacker who gains access to a Docker container could leverage the API to create a new Docker container and give it access to a volume that hosts, for example, a database used by a different container, thereby exposing sensitive information.
But more critically, the attacker could mount the operating system’s file system and gain the ability to read or write any file. This has even more serious implications: for example, by overwriting a DLL library loaded by a different application, the attacker could execute malicious code on the system.
However, mounting the OS file system as an administrator works only on Windows, as attempting this on macOS would prompt the user for permission. Also, on macOS Docker doesn’t run with administrator privileges like it does on Windows.