libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-269" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-05-20T18:53:49Z" }