If they gained root access to the container, that’s not a moderate vulnerability. Root inside a container is still root. You can still access the kernel with root privs and it’s the same kernel as the host.
I know that? I’m just saying that MS categorised it as such. It would be strange to include the part about MS’s responses if MS also found that the vulnerability was not what the researchers claimed it was.
$10 says they haven’t actually escaped anything and it’s just hallucinating a directory structure & file contents
MS said they fixed it and categorised it as a “moderate severity vulnerability” so presumably they did in fact gain root access to the container
If they gained root access to the container, that’s not a moderate vulnerability. Root inside a container is still root. You can still access the kernel with root privs and it’s the same kernel as the host.
Docker is not a virtual machine.
I know that? I’m just saying that MS categorised it as such. It would be strange to include the part about MS’s responses if MS also found that the vulnerability was not what the researchers claimed it was.