rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.

Related CVEs

CVE-2019-10147

Key Information

GHSA ID

GHSA-mr55-c2c7-jch7

Published

May 24, 2022 4:46 PM

Last Modified

April 4, 2024 12:50 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.