CVE-2018-9862

Name of the Vulnerable Software and Affected Versions runV version 1.0.0

Description The issue in util.c allows attackers to gain root access by exploiting a numeric username in /etc/passwd and then using a "docker exec" command with the numeric value in the -u argument. This is similar to a previously known issue.

Recommendations For runV version 1.0.0, consider restricting access to the "docker exec" command to prevent exploitation until a fix is available. Additionally, reviewing and securing /etc/passwd entries to prevent initial numeric values may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.