CVE-2016-3697
Published
CVSS v3
7.8
HIGH
CVSS v2
2.1
LOW
Affected
1
PROJECT
Description
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CLI tool for spawning and running containers according to the OCI specification
GitHub