Because of this flaw, an attacker who good points entry to a Docker container may leverage the API to create a brand new Docker container and provides it entry to a quantity that hosts, for instance, a database utilized by a special container, due to this fact exposing delicate info.
However extra critically, the attacker may mount the working system’s file system and acquire the power to learn or write any file. This has much more severe implications: For instance, by overwriting a DLL library loaded by a special utility, the attacker may execute malicious code on the system.
Nevertheless, mounting the OS filesystem administrator works solely on Home windows, as trying this on macOS would immediate the person for permission. Additionally on macOS Docker doesn’t run with administrator privileges prefer it does on Home windows.
