Cve-2019-5736?

security
#1

Does CVE-2019-5736 impact CircleCI?

0 Likes

#2

We are investigating this and will make an announcement after we have determined any possible impact. You can contact us at security@circleci.com for more concerns.

0 Likes

closed #3

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

0 Likes

opened #4
0 Likes

#5

CircleCI deploys docker containers that are non-privileged and use host ‘user namespacing’ (via --userns-remap) to isolate the containers from the host OS.

This vulnerability is only applicable to privileged containers that run without the namespacing/pid mapping.

For reference:


https://www.openwall.com/lists/oss-security/2019/02/11/2

1 Like