From ffb42989bf1a0cf30106d193728ed2c383cc345c Mon Sep 17 00:00:00 2001 From: JonJagger Date: Thu, 14 May 2026 14:20:29 +0100 Subject: [PATCH 1/2] Suppress new sigstore/timestamp-authority vuln; document two undocumented ones SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930 (CVSS 6.7) is not exploitable: the affected cosign binary runs in the runner service image, not in user code sandbox containers. Also adds runner-vulns.txt entries for CVE-2026-33814 (golang.org/x/net/http2) and SNYK-16316406 (aws-sdk-go-v2 CloudWatch Logs), which were already in .snyk and Kosli annotations but had no corresponding documentation. Co-Authored-By: Claude Sonnet 4.6 --- .snyk | 7 +++++++ docs/runner-vulns.txt | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/.snyk b/.snyk index 089bafe0..c7a8706d 100644 --- a/.snyk +++ b/.snyk @@ -95,3 +95,10 @@ ignore: expires: 2026-06-01T10:53:10.182Z created: 2026-05-08T10:53:10.201Z + # sigstore/timestamp-authority v2 | Score 6.7 | Not exploitable: cosign runs in runner service image, not in user code sandbox; user code cannot call or interact with sigstore tooling + SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930: + - '*': + reason: Waiting for base image fix + expires: 2026-06-01T10:53:10.182Z + created: 2026-05-14T00:00:00.000Z + diff --git a/docs/runner-vulns.txt b/docs/runner-vulns.txt index 0c097522..4ca76ad1 100644 --- a/docs/runner-vulns.txt +++ b/docs/runner-vulns.txt @@ -233,6 +233,45 @@ and plant malicious plugin binaries that execute with elevated context. For cyber-dojo: cyber-dojo runs on Linux. Verdict: Not applicable. Windows-only vulnerability. +-- CVE-2026-33814: golang.org/x/net/http2 infinite loop -- + +CVE-2026-33814 | golang.org/x/net/http2 | CVSS 8.7 | High +What: An infinite loop in HTTP/2 SETTINGS frame processing. When the transport +receives a SETTINGS_MAX_FRAME_SIZE value of 0 it endlessly writes CONTINUATION +frames, exhausting resources and crashing the service. +For cyber-dojo: golang.org/x/net/http2 is used by Docker daemon and Go-based +tooling in the base image. User code runs with --net=none and cannot send +crafted HTTP/2 SETTINGS frames to any endpoint. +Verdict: Not exploitable by user code. Requires sending a malformed SETTINGS +frame to a reachable HTTP/2 server. + +-- aws-sdk-go-v2 CloudWatch Logs EventStream: process crash -- + +SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406 | aws-sdk-go-v2 CloudWatch Logs | CVSS 8.2 | High | no CVE assigned +What: An uncaught exception in the EventStream decoder crashes the host process +when it receives a crafted EventStream response containing an invalid header +value type byte outside the valid range. +For cyber-dojo: aws-sdk-go-v2 is used by the Go agent to ship logs to +CloudWatch. The crafted response would need to arrive over the TLS-protected +CloudWatch endpoint, requiring a MITM position on that connection. User code +runs with --net=none and cannot interact with the CloudWatch connection at all. +Verdict: Not exploitable by user code. DoS-only; requires MITM of a TLS +CloudWatch endpoint. + +-- sigstore/timestamp-authority: improper certificate validation -- + +SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930 | sigstore/timestamp-authority v2 | CVSS 6.7 | Medium +What: Improper certificate validation in VerifyTimestampResponse. An attacker +can prepend a forged certificate to the certificate bag so that signature +validation uses one certificate while authorization is checked against another, +bypassing time-based policy controls. Fixed in v2.0.6. +For cyber-dojo: The affected code lives inside the cosign binary in the base +image. cosign runs in the runner service container, not in user code sandbox +containers. User code cannot call cosign or interact with sigstore tooling in +any way. The attack vector is local and requires controlling the certificate +chain passed to the binary -- not achievable from within the sandbox. +Verdict: Not exploitable by user code. cosign is not accessible from the sandbox. + == Summary table == CVE / ID Package Score Exploitable? Reason @@ -241,8 +280,10 @@ CVE-2026-33186 gRPC-Go 9.1 No --net=none; no gRPC e CVE-2026-34040 Docker Engine 8.8 No No AuthZ plugins in use CVE-2026-29181 OTel baggage+family 8.7 No --net=none; can't send baggage headers CVE-2026-35469 spdystream 8.7 No --net=none; DoS only +CVE-2026-33814 golang.org/x/net/http2 8.7 No --net=none; can't send SETTINGS frames CVE-2026-33747 buildkit/source/http 8.6 No docker build not used with user content CVE-2026-33748 buildkit git/llb/gitutil 8.2 No docker build not used with user content +CloudWatch-16316406 aws-sdk-go-v2 CloudWatch 8.2 No --net=none; DoS only; requires MITM of TLS CVE-2026-35385 OpenSSH server 7.5 No --net=none; sshd not running CVE-2026-3805 curl 7.5 No --net=none CVE-2026-27135 nghttp2 7.5 No --net=none @@ -258,6 +299,7 @@ CVE-2025-58181 x/crypto/ssh 6.9 No --net=none; no SSH se CVE-2025-47914 x/crypto/ssh/agent 6.9 No --net=none; no SSH agent exposed CVE-2025-58190 x/net/html 6.9 No --net=none; can't reach HTML parser CVE-2025-47911 x/net/html 6.9 No --net=none; can't reach HTML parser +sigstore-ts-auth(Snyk) sigstore/ts-authority 6.7 No cosign in service image; not accessible from sandbox CVE-2025-61985 OpenSSH client 5.3 No --net=none; ProxyCommand not configured CVE-2025-61984 OpenSSH client 5.3 No --net=none; ProxyCommand not configured bbolt (no CVE yet) go.etcd.io/bbolt n/a No Requires corrupted containerd metadata From 8848ab73fbeb08e9551ebece9a416449663f3882 Mon Sep 17 00:00:00 2001 From: JonJagger Date: Thu, 14 May 2026 14:29:25 +0100 Subject: [PATCH 2/2] Split runner-vulns.txt into per-vuln files for easier navigation and maintenance Replaces docs/runner-vulns.txt with docs/vulns/, one file per CVE or Snyk ID. Also consolidates .snyk.example and snyk-crib-sheet.txt into the same directory. Co-Authored-By: Claude Sonnet 4.6 --- docs/runner-vulns.txt | 319 ------------------ docs/{ => vulns}/.snyk.example | 0 docs/vulns/CVE-2025-15558.txt | 6 + docs/vulns/CVE-2025-47911.txt | 6 + docs/vulns/CVE-2025-47913.txt | 5 + docs/vulns/CVE-2025-47914.txt | 6 + docs/vulns/CVE-2025-52881.txt | 14 + docs/vulns/CVE-2025-58181.txt | 6 + docs/vulns/CVE-2025-58190.txt | 6 + docs/vulns/CVE-2025-61984.txt | 10 + docs/vulns/CVE-2025-61985.txt | 10 + docs/vulns/CVE-2026-24051.txt | 6 + docs/vulns/CVE-2026-27135.txt | 5 + docs/vulns/CVE-2026-29181.txt | 10 + docs/vulns/CVE-2026-32280.txt | 9 + docs/vulns/CVE-2026-32281.txt | 9 + docs/vulns/CVE-2026-32283.txt | 9 + docs/vulns/CVE-2026-33186.txt | 9 + docs/vulns/CVE-2026-33747.txt | 9 + docs/vulns/CVE-2026-33748.txt | 8 + docs/vulns/CVE-2026-33814.txt | 9 + docs/vulns/CVE-2026-34040.txt | 14 + docs/vulns/CVE-2026-34986.txt | 9 + docs/vulns/CVE-2026-35385.txt | 7 + docs/vulns/CVE-2026-35469.txt | 9 + docs/vulns/CVE-2026-3805.txt | 7 + ...SSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt | 10 + ...AMPAUTHORITYV2PKGVERIFICATION-16134930.txt | 11 + .../SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt | 9 + docs/vulns/readme.txt | 59 ++++ docs/{ => vulns}/snyk-crib-sheet.txt | 0 31 files changed, 287 insertions(+), 319 deletions(-) delete mode 100644 docs/runner-vulns.txt rename docs/{ => vulns}/.snyk.example (100%) create mode 100644 docs/vulns/CVE-2025-15558.txt create mode 100644 docs/vulns/CVE-2025-47911.txt create mode 100644 docs/vulns/CVE-2025-47913.txt create mode 100644 docs/vulns/CVE-2025-47914.txt create mode 100644 docs/vulns/CVE-2025-52881.txt create mode 100644 docs/vulns/CVE-2025-58181.txt create mode 100644 docs/vulns/CVE-2025-58190.txt create mode 100644 docs/vulns/CVE-2025-61984.txt create mode 100644 docs/vulns/CVE-2025-61985.txt create mode 100644 docs/vulns/CVE-2026-24051.txt create mode 100644 docs/vulns/CVE-2026-27135.txt create mode 100644 docs/vulns/CVE-2026-29181.txt create mode 100644 docs/vulns/CVE-2026-32280.txt create mode 100644 docs/vulns/CVE-2026-32281.txt create mode 100644 docs/vulns/CVE-2026-32283.txt create mode 100644 docs/vulns/CVE-2026-33186.txt create mode 100644 docs/vulns/CVE-2026-33747.txt create mode 100644 docs/vulns/CVE-2026-33748.txt create mode 100644 docs/vulns/CVE-2026-33814.txt create mode 100644 docs/vulns/CVE-2026-34040.txt create mode 100644 docs/vulns/CVE-2026-34986.txt create mode 100644 docs/vulns/CVE-2026-35385.txt create mode 100644 docs/vulns/CVE-2026-35469.txt create mode 100644 docs/vulns/CVE-2026-3805.txt create mode 100644 docs/vulns/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt create mode 100644 docs/vulns/SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930.txt create mode 100644 docs/vulns/SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt create mode 100644 docs/vulns/readme.txt rename docs/{ => vulns}/snyk-crib-sheet.txt (100%) diff --git a/docs/runner-vulns.txt b/docs/runner-vulns.txt deleted file mode 100644 index 4ca76ad1..00000000 --- a/docs/runner-vulns.txt +++ /dev/null @@ -1,319 +0,0 @@ -CVE Assessment: docker:29.4.1-dind-alpine3.23 for cyber-dojo -Generated: 2026-04-30 - -== Runner security posture == - -User code runs as UID 41966:51966 (non-root, non-privileged) ---net=none on every sandbox container -- no network access whatsoever ---security-opt=no-new-privileges -- blocks setuid escalation -No --privileged flag ---pids-limit=128, memory capped, ulimits set -Runner reaches Docker via mounted socket (/var/run/docker.sock), not from inside the sandbox - -== Critical (1) == - -CVE-2026-33186 | gRPC-Go | CVSS 9.1 -What: gRPC-Go servers accept HTTP/2 :path headers without a leading slash (e.g. -Service/Method instead of /Service/Method), causing path-based deny rules in -grpc/authz interceptors to silently fail to match. -For cyber-dojo: User code runs with --net=none and cannot send any network frames -to anything, let alone a gRPC endpoint. This CVE requires a network-reachable gRPC -service with an auth policy that has a fallback-allow rule. -Verdict: Not exploitable by user code. Relevant only if something in your -infrastructure exposes a gRPC service to untrusted callers. - -== High (13) == - -CVE-2026-34040 | Docker Engine | CVSS 8.8 | marked "not fixed" -What: Bypass of Docker authorization (AuthZ) plugins by padding a container -creation API request body beyond 1 MB. The middleware drops oversized bodies before -they reach the AuthZ plugin, which then approves the empty-looking request. Patch -was in 29.3.1. -Note: The image is 29.4.1 which should include that fix -- the "not fixed" flag -from the scanner may be a false positive or a mismatch on a bundled sub-component. -Worth verifying with `docker version` inside the image. -For cyber-dojo: Even if the bug were present, cyber-dojo does not use Docker AuthZ -plugins (OPA, Prisma Cloud, etc.). Sandbox security is enforced via docker run flags -directly -- --net=none, --user, --security-opt=no-new-privileges -- not via plugin -policy. This CVE only matters if a third-party AuthZ plugin is standing between the -caller and the Docker daemon. -Verdict: Not relevant to cyber-dojo's threat model. No AuthZ plugins in use. - -CVE-2026-35469 | spdystream | CVSS 8.7 -What: DoS -- the SPDY/3 frame parser allocates memory based on attacker-controlled -counts/lengths without bounds checks. A single malformed SPDY frame (zlib-compressed, -so small on the wire) can exhaust process memory and crash the service. -For cyber-dojo: spdystream is used by Kubernetes client-go for kubectl exec / -port-forward style streaming. User code has --net=none and cannot send SPDY frames -to anything. An external attacker with access to whatever exposes spdystream could -DoS the service, but that is an infrastructure concern, not a sandbox concern. -Verdict: Not exploitable by user code. Infrastructure DoS risk only. - -CVE-2026-35385 | OpenSSH | CVSS 7.5 | not fixed -What: A vulnerability in OpenSSH (likely a memory safety issue in the server path). -For cyber-dojo: The dind image ships OpenSSH for ssh-keygen used in Docker's TLS -cert tooling -- sshd is not started in a normal dind deployment. Even if sshd were -somehow running, user code has --net=none and cannot reach it. -Verdict: Not exploitable by user code. Would only matter if sshd were running and -a port were exposed, which is not the case in a standard dind deployment. - -CVE-2026-3805 | curl | CVSS 7.5 | not fixed -What: A vulnerability in curl (likely TLS/HTTP processing -- curl CVEs at this score -are usually buffer overflows in protocol parsing). -For cyber-dojo: curl is in the dind image for Docker's own use (pulling images, health -checks). User code runs with --net=none and cannot invoke curl to reach any external -server, and cannot interact with curl running inside the dind environment. -Verdict: Not exploitable by user code. - -CVE-2026-27135 | nghttp2 | CVSS 7.5 -What: An HTTP/2 vulnerability in nghttp2 (the C library underlying curl and other tools). -For cyber-dojo: Same reasoning as curl -- no network access from user code. nghttp2 -would only be reachable by something sending HTTP/2 to a service that uses it. -Verdict: Not exploitable by user code. - -CVE-2026-32280 | Go stdlib 1.25.8 | CVSS 7.5 -CVE-2026-32281 | Go stdlib 1.25.8 | CVSS 7.5 -CVE-2026-32283 | Go stdlib 1.25.8 | CVSS 7.5 -What: Three separate Go standard library vulnerabilities (fix: upgrade to 1.25.9). -These affect the Docker daemon and containerd binaries which are compiled with Go. -For cyber-dojo: These would be reachable only through interaction with the Docker -daemon API. User code is completely isolated from the Docker socket -- the sandbox -container has no path to the Docker daemon. -Verdict: Not exploitable by user code. Could matter if something external with -Docker API access exploited them. - -CVE-2026-34986 | go-jose v4 (github.com/go-jose/go-jose/v4) | CVSS 7.5 -What: Panic in JWE decryption. When the alg field specifies a key-wrapping algorithm -and the encrypted_key field is empty (or shorter than 16 bytes), cipher.KeyUnwrap() -calculates a zero or negative slice length, triggering a Go runtime panic. Any -service that decrypts JWE tokens from untrusted input is affected. -For cyber-dojo: go-jose is used by containerd and Docker daemon internals for JWE -handling. User code has --net=none and cannot send crafted JWE tokens to these -services. -Verdict: Not exploitable by user code. - -== Additional vulnerabilities from runner/.snyk == - -The .snyk file in the runner repo suppresses a further 22 vulnerabilities (24 Snyk -IDs, of which 2 map to CVEs already covered above: SNYK-GOLANG-GOOGLEGOLANGORGGRPC- -15691172 = CVE-2026-33186, and SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-15875221 / -CIPHER-15875224 = CVE-2026-34986). All entries carry "Waiting for fix" with an -expiry of 2026-05-09. - --- BuildKit: directory traversal and symlink attacks -- - -CVE-2026-33747 | moby/buildkit/source/http | CVSS 8.6 | High -What: Directory traversal in BuildKit's HTTP source module. A crafted API message -sent when an untrusted frontend is used can write files outside the intended storage -root via path traversal sequences. -For cyber-dojo: cyber-dojo runs pre-built language images and does not invoke -docker build against user-supplied content. BuildKit's HTTP source is never -exercised by user-submitted code. -Verdict: Not relevant. Would only matter if docker build were run with user- -controlled #syntax directives or --build-arg BUILDKIT_SYNTAX. - -CVE-2026-33748 | moby/buildkit/source/git, client/llb, util/gitutil | CVSS 8.2 | High -What: Symlink attack in BuildKit's Git URL processing. A crafted subdir value in -a Git URL fragment can escape the repository root. Requires builds using Git URLs -with a subpath component pointing to a symlink in an untrusted repository. Three -separate Snyk IDs (15790741, 15790742, 15790743, 15790744) all map to this one CVE -across different BuildKit packages. -For cyber-dojo: cyber-dojo does not build from user-supplied Git URLs. -Verdict: Not relevant. - --- OpenTelemetry: resource exhaustion family -- - -CVE-2026-29181 | go.opentelemetry.io/otel baggage, propagation, internal/global, - OTLP trace/metric exporters | CVSS 8.7 | High -What: The baggage package fails to throttle header processing. Sending many baggage -header lines in HTTP requests -- even individually within size limits -- causes -unbounded CPU and memory allocation, crashing the service. Six Snyk IDs -(15928416, 15928418, 15928420, 15954196, 15954197, 15954212) all belong to this -same DoS pattern across different OTel packages. -For cyber-dojo: User code runs with --net=none and cannot send HTTP requests with -crafted baggage headers to any OTel endpoint. -Verdict: Not exploitable by user code. - -CVE-2026-24051 | go.opentelemetry.io/otel/sdk/resource | CVSS 7.3 | High -What: Untrusted search path. The resource detection code executes the ioreg command -without validating PATH, so a malicious binary placed earlier in PATH is executed -instead. ioreg is a macOS-specific command. -For cyber-dojo: cyber-dojo runs on Linux. -Verdict: Not applicable. macOS-only vulnerability. - --- opencontainers/selinux: race condition with /proc writes -- - -CVE-2025-52881 | opencontainers/selinux/go-selinux | CVSS 7.3 | High -What: A race condition in how the library writes to procfs files. An attacker with -low local privileges can redirect write operations via symlinks or shared mounts to -reach targets like /proc/sysrq-trigger, potentially crashing the host or altering -kernel parameters. -For cyber-dojo: This is the most structurally interesting entry on this list. The -go-selinux library is used by containerd and runc when applying SELinux labels to -containers. Two mitigations apply: (1) sandboxed containers run with ---security-opt=no-new-privileges, blocking the setuid transitions SELinux labels -are often used alongside; (2) the race requires the attacker to already have local -access to the host filesystem's procfs, which user code cannot reach -- the -container's /proc is a private mount namespace. -Verdict: Not exploitable by user code given namespace isolation. Worth monitoring -if the runner ever runs on a host where SELinux is actively enforcing. - --- golang.org/x/crypto/ssh: three DoS vulnerabilities -- - -CVE-2025-58181 | golang.org/x/crypto/ssh | CVSS 6.9 | Medium -What: A Go SSH server allocates memory without limits when processing GSSAPI -authentication requests with excessive numbers of mechanisms, leading to memory -exhaustion. -For cyber-dojo: The runner does not expose an SSH server. User code has --net=none. -Verdict: Not exploitable by user code. - -CVE-2025-47914 | golang.org/x/crypto/ssh/agent | CVSS 6.9 | Medium -What: An out-of-bounds read in the SSH agent server -- a malformed message causes -a panic and crash. -For cyber-dojo: No SSH agent is exposed to user code. --net=none prevents any -network contact. -Verdict: Not exploitable by user code. - -CVE-2025-47913 | golang.org/x/crypto/ssh/agent | CVSS 7.1 | High -What: A malicious SSH agent sends a single 0x06 byte (SSH_AGENT_SUCCESS) which is -unmarshalled into the wrong type, causing a panic in List() and SignWithFlags(). -For cyber-dojo: No SSH agent surface reachable from user code. --net=none. -Verdict: Not exploitable by user code. - --- golang.org/x/net/html: two HTML parser DoS vulnerabilities -- - -CVE-2025-58190 | golang.org/x/net/html | CVSS 6.9 | Medium -What: An infinite loop in html.Parse() triggered by specially crafted HTML input, -exhausting CPU until the process is killed. - -CVE-2025-47911 | golang.org/x/net/html | CVSS 6.9 | Medium -What: Quadratic parsing complexity in html.Parse() on certain inputs -- a related -DoS vector in the same function. - -For cyber-dojo (both): Docker daemon components use this library internally. User -code has --net=none and cannot send HTML to the Docker daemon's HTML parser. -Verdict: Not exploitable by user code. - --- Alpine OpenSSH: two client-side injection vulnerabilities -- - -CVE-2025-61985 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium -What: A null byte in an ssh:// URI is not neutralised. When ProxyCommand is -configured, this can lead to code execution. - -CVE-2025-61984 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium -What: Control characters in SSH usernames (from command-line or config percent- -sequence expansion) are not sanitised, enabling injection into a ProxyCommand. - -For cyber-dojo (both): These are ssh client vulnerabilities requiring the operator -to run ssh with a crafted URI or username, with ProxyCommand configured. User code -runs with --net=none -- no outbound SSH connection is possible. The ProxyCommand -vector requires a pre-configured SSH client config, which the sandbox does not have. -Note: Both are tagged ALPINE322 but the image is Alpine 3.23 -- the scanner is -matching on the OpenSSH package version, not the Alpine minor version. -Verdict: Not exploitable by user code. - --- go.etcd.io/bbolt: panic on corrupted database -- - -SNYK-GOLANG-GOETCDIOBBOLT-15922383 | go.etcd.io/bbolt | no CVE assigned yet -What: Bucket.Stats() panics with an index out-of-range when it encounters a branch -page with zero elements (corrupted or partially-written database). Fix merged -2026-03-30; no release tag at time of writing. -For cyber-dojo: bbolt is an embedded key-value store used by containerd for its -metadata. The panic requires a corrupted bbolt database, which user code cannot -cause -- the containerd metadata store is entirely outside the sandbox. -Verdict: Not exploitable by user code. Data-corruption resilience concern for -containerd, not a sandbox escape risk. - --- docker/cli plugins: Windows-only search path -- - -CVE-2025-15558 | docker/cli/cli-plugins/manager | CVSS 7.0 | High -What: On Windows, Docker CLI searches for plugins in C:\ProgramData\Docker\cli- -plugins, which does not exist by default. A low-privileged attacker can create it -and plant malicious plugin binaries that execute with elevated context. -For cyber-dojo: cyber-dojo runs on Linux. -Verdict: Not applicable. Windows-only vulnerability. - --- CVE-2026-33814: golang.org/x/net/http2 infinite loop -- - -CVE-2026-33814 | golang.org/x/net/http2 | CVSS 8.7 | High -What: An infinite loop in HTTP/2 SETTINGS frame processing. When the transport -receives a SETTINGS_MAX_FRAME_SIZE value of 0 it endlessly writes CONTINUATION -frames, exhausting resources and crashing the service. -For cyber-dojo: golang.org/x/net/http2 is used by Docker daemon and Go-based -tooling in the base image. User code runs with --net=none and cannot send -crafted HTTP/2 SETTINGS frames to any endpoint. -Verdict: Not exploitable by user code. Requires sending a malformed SETTINGS -frame to a reachable HTTP/2 server. - --- aws-sdk-go-v2 CloudWatch Logs EventStream: process crash -- - -SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406 | aws-sdk-go-v2 CloudWatch Logs | CVSS 8.2 | High | no CVE assigned -What: An uncaught exception in the EventStream decoder crashes the host process -when it receives a crafted EventStream response containing an invalid header -value type byte outside the valid range. -For cyber-dojo: aws-sdk-go-v2 is used by the Go agent to ship logs to -CloudWatch. The crafted response would need to arrive over the TLS-protected -CloudWatch endpoint, requiring a MITM position on that connection. User code -runs with --net=none and cannot interact with the CloudWatch connection at all. -Verdict: Not exploitable by user code. DoS-only; requires MITM of a TLS -CloudWatch endpoint. - --- sigstore/timestamp-authority: improper certificate validation -- - -SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930 | sigstore/timestamp-authority v2 | CVSS 6.7 | Medium -What: Improper certificate validation in VerifyTimestampResponse. An attacker -can prepend a forged certificate to the certificate bag so that signature -validation uses one certificate while authorization is checked against another, -bypassing time-based policy controls. Fixed in v2.0.6. -For cyber-dojo: The affected code lives inside the cosign binary in the base -image. cosign runs in the runner service container, not in user code sandbox -containers. User code cannot call cosign or interact with sigstore tooling in -any way. The attack vector is local and requires controlling the certificate -chain passed to the binary -- not achievable from within the sandbox. -Verdict: Not exploitable by user code. cosign is not accessible from the sandbox. - -== Summary table == - -CVE / ID Package Score Exploitable? Reason ------------------------------------------------------------------------------- -CVE-2026-33186 gRPC-Go 9.1 No --net=none; no gRPC exposure -CVE-2026-34040 Docker Engine 8.8 No No AuthZ plugins in use -CVE-2026-29181 OTel baggage+family 8.7 No --net=none; can't send baggage headers -CVE-2026-35469 spdystream 8.7 No --net=none; DoS only -CVE-2026-33814 golang.org/x/net/http2 8.7 No --net=none; can't send SETTINGS frames -CVE-2026-33747 buildkit/source/http 8.6 No docker build not used with user content -CVE-2026-33748 buildkit git/llb/gitutil 8.2 No docker build not used with user content -CloudWatch-16316406 aws-sdk-go-v2 CloudWatch 8.2 No --net=none; DoS only; requires MITM of TLS -CVE-2026-35385 OpenSSH server 7.5 No --net=none; sshd not running -CVE-2026-3805 curl 7.5 No --net=none -CVE-2026-27135 nghttp2 7.5 No --net=none -CVE-2026-32280 Go stdlib 7.5 No No Docker socket access from sandbox -CVE-2026-32281 Go stdlib 7.5 No No Docker socket access from sandbox -CVE-2026-32283 Go stdlib 7.5 No No Docker socket access from sandbox -CVE-2026-34986 go-jose v4 7.5 No --net=none; no JWE endpoint exposed -CVE-2025-52881 opencontainers/selinux 7.3 No /proc namespaced; no-new-privileges -CVE-2026-24051 OTel SDK resource 7.3 No macOS-only (ioreg) -CVE-2025-47913 x/crypto/ssh/agent 7.1 No --net=none; no SSH agent exposed -CVE-2025-15558 docker/cli plugins 7.0 No Linux deployment; Windows-only -CVE-2025-58181 x/crypto/ssh 6.9 No --net=none; no SSH server exposed -CVE-2025-47914 x/crypto/ssh/agent 6.9 No --net=none; no SSH agent exposed -CVE-2025-58190 x/net/html 6.9 No --net=none; can't reach HTML parser -CVE-2025-47911 x/net/html 6.9 No --net=none; can't reach HTML parser -sigstore-ts-auth(Snyk) sigstore/ts-authority 6.7 No cosign in service image; not accessible from sandbox -CVE-2025-61985 OpenSSH client 5.3 No --net=none; ProxyCommand not configured -CVE-2025-61984 OpenSSH client 5.3 No --net=none; ProxyCommand not configured -bbolt (no CVE yet) go.etcd.io/bbolt n/a No Requires corrupted containerd metadata - -== Key caveat == - -None of these are container escape vulnerabilities (runc escapes, kernel exploits). -Those are what would matter most for cyber-dojo's threat model. The CVEs listed are -mostly: network-service auth bugs (irrelevant with --net=none), Docker auth-plugin -bypass (irrelevant without plugins), BuildKit build-time flaws (irrelevant as -cyber-dojo doesn't build images from user content), and DoS issues. The runner's -defence-in-depth -- non-root user, no network, no-new-privileges, pid limits, tmpfs -isolation -- specifically neutralises the attack vectors these CVEs require. - -The higher-value scan to run would target runc and containerd CVEs specifically, -since those are the components that actually mediate the boundary between user code -and the host. diff --git a/docs/.snyk.example b/docs/vulns/.snyk.example similarity index 100% rename from docs/.snyk.example rename to docs/vulns/.snyk.example diff --git a/docs/vulns/CVE-2025-15558.txt b/docs/vulns/CVE-2025-15558.txt new file mode 100644 index 00000000..a81aff85 --- /dev/null +++ b/docs/vulns/CVE-2025-15558.txt @@ -0,0 +1,6 @@ +CVE-2025-15558 | docker/cli/cli-plugins/manager | CVSS 7.0 | High +What: On Windows, Docker CLI searches for plugins in C:\ProgramData\Docker\cli- +plugins, which does not exist by default. A low-privileged attacker can create it +and plant malicious plugin binaries that execute with elevated context. +For cyber-dojo: cyber-dojo runs on Linux. +Verdict: Not applicable. Windows-only vulnerability. diff --git a/docs/vulns/CVE-2025-47911.txt b/docs/vulns/CVE-2025-47911.txt new file mode 100644 index 00000000..c236974e --- /dev/null +++ b/docs/vulns/CVE-2025-47911.txt @@ -0,0 +1,6 @@ +CVE-2025-47911 | golang.org/x/net/html | CVSS 6.9 | Medium +What: Quadratic parsing complexity in html.Parse() on certain inputs -- a related +DoS vector in the same function. +For cyber-dojo: Docker daemon components use this library internally. User code +has --net=none and cannot send HTML to the Docker daemon's HTML parser. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-47913.txt b/docs/vulns/CVE-2025-47913.txt new file mode 100644 index 00000000..ed92064b --- /dev/null +++ b/docs/vulns/CVE-2025-47913.txt @@ -0,0 +1,5 @@ +CVE-2025-47913 | golang.org/x/crypto/ssh/agent | CVSS 7.1 | High +What: A malicious SSH agent sends a single 0x06 byte (SSH_AGENT_SUCCESS) which is +unmarshalled into the wrong type, causing a panic in List() and SignWithFlags(). +For cyber-dojo: No SSH agent surface reachable from user code. --net=none. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-47914.txt b/docs/vulns/CVE-2025-47914.txt new file mode 100644 index 00000000..3de26b6e --- /dev/null +++ b/docs/vulns/CVE-2025-47914.txt @@ -0,0 +1,6 @@ +CVE-2025-47914 | golang.org/x/crypto/ssh/agent | CVSS 6.9 | Medium +What: An out-of-bounds read in the SSH agent server -- a malformed message causes +a panic and crash. +For cyber-dojo: No SSH agent is exposed to user code. --net=none prevents any +network contact. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-52881.txt b/docs/vulns/CVE-2025-52881.txt new file mode 100644 index 00000000..bfda8aeb --- /dev/null +++ b/docs/vulns/CVE-2025-52881.txt @@ -0,0 +1,14 @@ +CVE-2025-52881 | opencontainers/selinux/go-selinux | CVSS 7.3 | High +What: A race condition in how the library writes to procfs files. An attacker with +low local privileges can redirect write operations via symlinks or shared mounts to +reach targets like /proc/sysrq-trigger, potentially crashing the host or altering +kernel parameters. +For cyber-dojo: This is the most structurally interesting entry on this list. The +go-selinux library is used by containerd and runc when applying SELinux labels to +containers. Two mitigations apply: (1) sandboxed containers run with +--security-opt=no-new-privileges, blocking the setuid transitions SELinux labels +are often used alongside; (2) the race requires the attacker to already have local +access to the host filesystem's procfs, which user code cannot reach -- the +container's /proc is a private mount namespace. +Verdict: Not exploitable by user code given namespace isolation. Worth monitoring +if the runner ever runs on a host where SELinux is actively enforcing. diff --git a/docs/vulns/CVE-2025-58181.txt b/docs/vulns/CVE-2025-58181.txt new file mode 100644 index 00000000..cd0363e9 --- /dev/null +++ b/docs/vulns/CVE-2025-58181.txt @@ -0,0 +1,6 @@ +CVE-2025-58181 | golang.org/x/crypto/ssh | CVSS 6.9 | Medium +What: A Go SSH server allocates memory without limits when processing GSSAPI +authentication requests with excessive numbers of mechanisms, leading to memory +exhaustion. +For cyber-dojo: The runner does not expose an SSH server. User code has --net=none. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-58190.txt b/docs/vulns/CVE-2025-58190.txt new file mode 100644 index 00000000..566be6e6 --- /dev/null +++ b/docs/vulns/CVE-2025-58190.txt @@ -0,0 +1,6 @@ +CVE-2025-58190 | golang.org/x/net/html | CVSS 6.9 | Medium +What: An infinite loop in html.Parse() triggered by specially crafted HTML input, +exhausting CPU until the process is killed. +For cyber-dojo: Docker daemon components use this library internally. User code +has --net=none and cannot send HTML to the Docker daemon's HTML parser. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-61984.txt b/docs/vulns/CVE-2025-61984.txt new file mode 100644 index 00000000..dfa6a2f0 --- /dev/null +++ b/docs/vulns/CVE-2025-61984.txt @@ -0,0 +1,10 @@ +CVE-2025-61984 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium +What: Control characters in SSH usernames (from command-line or config percent- +sequence expansion) are not sanitised, enabling injection into a ProxyCommand. +For cyber-dojo: An ssh client vulnerability requiring the operator to run ssh with +a crafted username, with ProxyCommand configured. User code runs with --net=none -- +no outbound SSH connection is possible. The ProxyCommand vector requires a +pre-configured SSH client config, which the sandbox does not have. +Note: Tagged ALPINE322 but the image is Alpine 3.23 -- the scanner is matching on +the OpenSSH package version, not the Alpine minor version. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2025-61985.txt b/docs/vulns/CVE-2025-61985.txt new file mode 100644 index 00000000..f5a2e9e9 --- /dev/null +++ b/docs/vulns/CVE-2025-61985.txt @@ -0,0 +1,10 @@ +CVE-2025-61985 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium +What: A null byte in an ssh:// URI is not neutralised. When ProxyCommand is +configured, this can lead to code execution. +For cyber-dojo: An ssh client vulnerability requiring the operator to run ssh with +a crafted URI, with ProxyCommand configured. User code runs with --net=none -- no +outbound SSH connection is possible. The ProxyCommand vector requires a +pre-configured SSH client config, which the sandbox does not have. +Note: Tagged ALPINE322 but the image is Alpine 3.23 -- the scanner is matching on +the OpenSSH package version, not the Alpine minor version. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2026-24051.txt b/docs/vulns/CVE-2026-24051.txt new file mode 100644 index 00000000..18fa95e6 --- /dev/null +++ b/docs/vulns/CVE-2026-24051.txt @@ -0,0 +1,6 @@ +CVE-2026-24051 | go.opentelemetry.io/otel/sdk/resource | CVSS 7.3 | High +What: Untrusted search path. The resource detection code executes the ioreg command +without validating PATH, so a malicious binary placed earlier in PATH is executed +instead. ioreg is a macOS-specific command. +For cyber-dojo: cyber-dojo runs on Linux. +Verdict: Not applicable. macOS-only vulnerability. diff --git a/docs/vulns/CVE-2026-27135.txt b/docs/vulns/CVE-2026-27135.txt new file mode 100644 index 00000000..b4ed5e10 --- /dev/null +++ b/docs/vulns/CVE-2026-27135.txt @@ -0,0 +1,5 @@ +CVE-2026-27135 | nghttp2 | CVSS 7.5 | High +What: An HTTP/2 vulnerability in nghttp2 (the C library underlying curl and other tools). +For cyber-dojo: Same reasoning as curl -- no network access from user code. nghttp2 +would only be reachable by something sending HTTP/2 to a service that uses it. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2026-29181.txt b/docs/vulns/CVE-2026-29181.txt new file mode 100644 index 00000000..dacd9e48 --- /dev/null +++ b/docs/vulns/CVE-2026-29181.txt @@ -0,0 +1,10 @@ +CVE-2026-29181 | go.opentelemetry.io/otel baggage, propagation, internal/global, + OTLP trace/metric exporters | CVSS 8.7 | High +What: The baggage package fails to throttle header processing. Sending many baggage +header lines in HTTP requests -- even individually within size limits -- causes +unbounded CPU and memory allocation, crashing the service. Six Snyk IDs +(15928416, 15928418, 15928420, 15954196, 15954197, 15954212) all belong to this +same DoS pattern across different OTel packages. +For cyber-dojo: User code runs with --net=none and cannot send HTTP requests with +crafted baggage headers to any OTel endpoint. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2026-32280.txt b/docs/vulns/CVE-2026-32280.txt new file mode 100644 index 00000000..14e200c7 --- /dev/null +++ b/docs/vulns/CVE-2026-32280.txt @@ -0,0 +1,9 @@ +CVE-2026-32280 | Go stdlib 1.25.8 | CVSS 7.5 | High +What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting +the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32281 +and CVE-2026-32283. +For cyber-dojo: These would be reachable only through interaction with the Docker +daemon API. User code is completely isolated from the Docker socket -- the sandbox +container has no path to the Docker daemon. +Verdict: Not exploitable by user code. Could matter if something external with +Docker API access exploited them. diff --git a/docs/vulns/CVE-2026-32281.txt b/docs/vulns/CVE-2026-32281.txt new file mode 100644 index 00000000..2071b5c6 --- /dev/null +++ b/docs/vulns/CVE-2026-32281.txt @@ -0,0 +1,9 @@ +CVE-2026-32281 | Go stdlib 1.25.8 | CVSS 7.5 | High +What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting +the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32280 +and CVE-2026-32283. +For cyber-dojo: These would be reachable only through interaction with the Docker +daemon API. User code is completely isolated from the Docker socket -- the sandbox +container has no path to the Docker daemon. +Verdict: Not exploitable by user code. Could matter if something external with +Docker API access exploited them. diff --git a/docs/vulns/CVE-2026-32283.txt b/docs/vulns/CVE-2026-32283.txt new file mode 100644 index 00000000..0c1669a9 --- /dev/null +++ b/docs/vulns/CVE-2026-32283.txt @@ -0,0 +1,9 @@ +CVE-2026-32283 | Go stdlib 1.25.8 | CVSS 7.5 | High +What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting +the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32280 +and CVE-2026-32281. +For cyber-dojo: These would be reachable only through interaction with the Docker +daemon API. User code is completely isolated from the Docker socket -- the sandbox +container has no path to the Docker daemon. +Verdict: Not exploitable by user code. Could matter if something external with +Docker API access exploited them. diff --git a/docs/vulns/CVE-2026-33186.txt b/docs/vulns/CVE-2026-33186.txt new file mode 100644 index 00000000..a29b8832 --- /dev/null +++ b/docs/vulns/CVE-2026-33186.txt @@ -0,0 +1,9 @@ +CVE-2026-33186 | gRPC-Go | CVSS 9.1 | Critical +What: gRPC-Go servers accept HTTP/2 :path headers without a leading slash (e.g. +Service/Method instead of /Service/Method), causing path-based deny rules in +grpc/authz interceptors to silently fail to match. +For cyber-dojo: User code runs with --net=none and cannot send any network frames +to anything, let alone a gRPC endpoint. This CVE requires a network-reachable gRPC +service with an auth policy that has a fallback-allow rule. +Verdict: Not exploitable by user code. Relevant only if something in your +infrastructure exposes a gRPC service to untrusted callers. diff --git a/docs/vulns/CVE-2026-33747.txt b/docs/vulns/CVE-2026-33747.txt new file mode 100644 index 00000000..2e0d2116 --- /dev/null +++ b/docs/vulns/CVE-2026-33747.txt @@ -0,0 +1,9 @@ +CVE-2026-33747 | moby/buildkit/source/http | CVSS 8.6 | High +What: Directory traversal in BuildKit's HTTP source module. A crafted API message +sent when an untrusted frontend is used can write files outside the intended storage +root via path traversal sequences. +For cyber-dojo: cyber-dojo runs pre-built language images and does not invoke +docker build against user-supplied content. BuildKit's HTTP source is never +exercised by user-submitted code. +Verdict: Not relevant. Would only matter if docker build were run with user- +controlled #syntax directives or --build-arg BUILDKIT_SYNTAX. diff --git a/docs/vulns/CVE-2026-33748.txt b/docs/vulns/CVE-2026-33748.txt new file mode 100644 index 00000000..b0ff565c --- /dev/null +++ b/docs/vulns/CVE-2026-33748.txt @@ -0,0 +1,8 @@ +CVE-2026-33748 | moby/buildkit/source/git, client/llb, util/gitutil | CVSS 8.2 | High +What: Symlink attack in BuildKit's Git URL processing. A crafted subdir value in +a Git URL fragment can escape the repository root. Requires builds using Git URLs +with a subpath component pointing to a symlink in an untrusted repository. Three +separate Snyk IDs (15790741, 15790742, 15790743, 15790744) all map to this one CVE +across different BuildKit packages. +For cyber-dojo: cyber-dojo does not build from user-supplied Git URLs. +Verdict: Not relevant. diff --git a/docs/vulns/CVE-2026-33814.txt b/docs/vulns/CVE-2026-33814.txt new file mode 100644 index 00000000..a97c61d1 --- /dev/null +++ b/docs/vulns/CVE-2026-33814.txt @@ -0,0 +1,9 @@ +CVE-2026-33814 | golang.org/x/net/http2 | CVSS 8.7 | High +What: An infinite loop in HTTP/2 SETTINGS frame processing. When the transport +receives a SETTINGS_MAX_FRAME_SIZE value of 0 it endlessly writes CONTINUATION +frames, exhausting resources and crashing the service. +For cyber-dojo: golang.org/x/net/http2 is used by Docker daemon and Go-based +tooling in the base image. User code runs with --net=none and cannot send +crafted HTTP/2 SETTINGS frames to any endpoint. +Verdict: Not exploitable by user code. Requires sending a malformed SETTINGS +frame to a reachable HTTP/2 server. diff --git a/docs/vulns/CVE-2026-34040.txt b/docs/vulns/CVE-2026-34040.txt new file mode 100644 index 00000000..6a96b6ec --- /dev/null +++ b/docs/vulns/CVE-2026-34040.txt @@ -0,0 +1,14 @@ +CVE-2026-34040 | Docker Engine | CVSS 8.8 | High | marked "not fixed" +What: Bypass of Docker authorization (AuthZ) plugins by padding a container +creation API request body beyond 1 MB. The middleware drops oversized bodies before +they reach the AuthZ plugin, which then approves the empty-looking request. Patch +was in 29.3.1. +Note: The image is 29.4.1 which should include that fix -- the "not fixed" flag +from the scanner may be a false positive or a mismatch on a bundled sub-component. +Worth verifying with `docker version` inside the image. +For cyber-dojo: Even if the bug were present, cyber-dojo does not use Docker AuthZ +plugins (OPA, Prisma Cloud, etc.). Sandbox security is enforced via docker run flags +directly -- --net=none, --user, --security-opt=no-new-privileges -- not via plugin +policy. This CVE only matters if a third-party AuthZ plugin is standing between the +caller and the Docker daemon. +Verdict: Not relevant to cyber-dojo's threat model. No AuthZ plugins in use. diff --git a/docs/vulns/CVE-2026-34986.txt b/docs/vulns/CVE-2026-34986.txt new file mode 100644 index 00000000..bedceb8a --- /dev/null +++ b/docs/vulns/CVE-2026-34986.txt @@ -0,0 +1,9 @@ +CVE-2026-34986 | go-jose v4 (github.com/go-jose/go-jose/v4) | CVSS 7.5 | High +What: Panic in JWE decryption. When the alg field specifies a key-wrapping algorithm +and the encrypted_key field is empty (or shorter than 16 bytes), cipher.KeyUnwrap() +calculates a zero or negative slice length, triggering a Go runtime panic. Any +service that decrypts JWE tokens from untrusted input is affected. +For cyber-dojo: go-jose is used by containerd and Docker daemon internals for JWE +handling. User code has --net=none and cannot send crafted JWE tokens to these +services. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/CVE-2026-35385.txt b/docs/vulns/CVE-2026-35385.txt new file mode 100644 index 00000000..6143e448 --- /dev/null +++ b/docs/vulns/CVE-2026-35385.txt @@ -0,0 +1,7 @@ +CVE-2026-35385 | OpenSSH | CVSS 7.5 | High | not fixed +What: A vulnerability in OpenSSH (likely a memory safety issue in the server path). +For cyber-dojo: The dind image ships OpenSSH for ssh-keygen used in Docker's TLS +cert tooling -- sshd is not started in a normal dind deployment. Even if sshd were +somehow running, user code has --net=none and cannot reach it. +Verdict: Not exploitable by user code. Would only matter if sshd were running and +a port were exposed, which is not the case in a standard dind deployment. diff --git a/docs/vulns/CVE-2026-35469.txt b/docs/vulns/CVE-2026-35469.txt new file mode 100644 index 00000000..14322887 --- /dev/null +++ b/docs/vulns/CVE-2026-35469.txt @@ -0,0 +1,9 @@ +CVE-2026-35469 | spdystream | CVSS 8.7 | High +What: DoS -- the SPDY/3 frame parser allocates memory based on attacker-controlled +counts/lengths without bounds checks. A single malformed SPDY frame (zlib-compressed, +so small on the wire) can exhaust process memory and crash the service. +For cyber-dojo: spdystream is used by Kubernetes client-go for kubectl exec / +port-forward style streaming. User code has --net=none and cannot send SPDY frames +to anything. An external attacker with access to whatever exposes spdystream could +DoS the service, but that is an infrastructure concern, not a sandbox concern. +Verdict: Not exploitable by user code. Infrastructure DoS risk only. diff --git a/docs/vulns/CVE-2026-3805.txt b/docs/vulns/CVE-2026-3805.txt new file mode 100644 index 00000000..334ffdd5 --- /dev/null +++ b/docs/vulns/CVE-2026-3805.txt @@ -0,0 +1,7 @@ +CVE-2026-3805 | curl | CVSS 7.5 | High | not fixed +What: A vulnerability in curl (likely TLS/HTTP processing -- curl CVEs at this score +are usually buffer overflows in protocol parsing). +For cyber-dojo: curl is in the dind image for Docker's own use (pulling images, health +checks). User code runs with --net=none and cannot invoke curl to reach any external +server, and cannot interact with curl running inside the dind environment. +Verdict: Not exploitable by user code. diff --git a/docs/vulns/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt b/docs/vulns/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt new file mode 100644 index 00000000..18b96e9d --- /dev/null +++ b/docs/vulns/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt @@ -0,0 +1,10 @@ +SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406 | aws-sdk-go-v2 CloudWatch Logs | CVSS 8.2 | High | no CVE assigned +What: An uncaught exception in the EventStream decoder crashes the host process +when it receives a crafted EventStream response containing an invalid header +value type byte outside the valid range. +For cyber-dojo: aws-sdk-go-v2 is used by the Go agent to ship logs to +CloudWatch. The crafted response would need to arrive over the TLS-protected +CloudWatch endpoint, requiring a MITM position on that connection. User code +runs with --net=none and cannot interact with the CloudWatch connection at all. +Verdict: Not exploitable by user code. DoS-only; requires MITM of a TLS +CloudWatch endpoint. diff --git a/docs/vulns/SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930.txt b/docs/vulns/SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930.txt new file mode 100644 index 00000000..336a4f10 --- /dev/null +++ b/docs/vulns/SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930.txt @@ -0,0 +1,11 @@ +SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930 | sigstore/timestamp-authority v2 | CVSS 6.7 | Medium +What: Improper certificate validation in VerifyTimestampResponse. An attacker +can prepend a forged certificate to the certificate bag so that signature +validation uses one certificate while authorization is checked against another, +bypassing time-based policy controls. Fixed in v2.0.6. +For cyber-dojo: The affected code lives inside the cosign binary in the base +image. cosign runs in the runner service container, not in user code sandbox +containers. User code cannot call cosign or interact with sigstore tooling in +any way. The attack vector is local and requires controlling the certificate +chain passed to the binary -- not achievable from within the sandbox. +Verdict: Not exploitable by user code. cosign is not accessible from the sandbox. diff --git a/docs/vulns/SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt b/docs/vulns/SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt new file mode 100644 index 00000000..629ffc58 --- /dev/null +++ b/docs/vulns/SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt @@ -0,0 +1,9 @@ +SNYK-GOLANG-GOETCDIOBBOLT-15922383 | go.etcd.io/bbolt | no CVE assigned yet +What: Bucket.Stats() panics with an index out-of-range when it encounters a branch +page with zero elements (corrupted or partially-written database). Fix merged +2026-03-30; no release tag at time of writing. +For cyber-dojo: bbolt is an embedded key-value store used by containerd for its +metadata. The panic requires a corrupted bbolt database, which user code cannot +cause -- the containerd metadata store is entirely outside the sandbox. +Verdict: Not exploitable by user code. Data-corruption resilience concern for +containerd, not a sandbox escape risk. diff --git a/docs/vulns/readme.txt b/docs/vulns/readme.txt new file mode 100644 index 00000000..ff01195b --- /dev/null +++ b/docs/vulns/readme.txt @@ -0,0 +1,59 @@ +CVE Assessment: docker:29.4.1-dind-alpine3.23 for cyber-dojo +Generated: 2026-04-30 + +Each vulnerability has its own file in this directory named after its CVE or Snyk ID. + +== Runner security posture == + +User code runs as UID 41966:51966 (non-root, non-privileged) +--net=none on every sandbox container -- no network access whatsoever +--security-opt=no-new-privileges -- blocks setuid escalation +No --privileged flag +--pids-limit=128, memory capped, ulimits set +Runner reaches Docker via mounted socket (/var/run/docker.sock), not from inside the sandbox + +== Summary table == + +CVE / ID Package Score Exploitable? Reason +------------------------------------------------------------------------------ +CVE-2026-33186 gRPC-Go 9.1 No --net=none; no gRPC exposure +CVE-2026-34040 Docker Engine 8.8 No No AuthZ plugins in use +CVE-2026-29181 OTel baggage+family 8.7 No --net=none; can't send baggage headers +CVE-2026-35469 spdystream 8.7 No --net=none; DoS only +CVE-2026-33814 golang.org/x/net/http2 8.7 No --net=none; can't send SETTINGS frames +CVE-2026-33747 buildkit/source/http 8.6 No docker build not used with user content +CVE-2026-33748 buildkit git/llb/gitutil 8.2 No docker build not used with user content +CloudWatch-16316406 aws-sdk-go-v2 CloudWatch 8.2 No --net=none; DoS only; requires MITM of TLS +CVE-2026-35385 OpenSSH server 7.5 No --net=none; sshd not running +CVE-2026-3805 curl 7.5 No --net=none +CVE-2026-27135 nghttp2 7.5 No --net=none +CVE-2026-32280 Go stdlib 7.5 No No Docker socket access from sandbox +CVE-2026-32281 Go stdlib 7.5 No No Docker socket access from sandbox +CVE-2026-32283 Go stdlib 7.5 No No Docker socket access from sandbox +CVE-2026-34986 go-jose v4 7.5 No --net=none; no JWE endpoint exposed +CVE-2025-52881 opencontainers/selinux 7.3 No /proc namespaced; no-new-privileges +CVE-2026-24051 OTel SDK resource 7.3 No macOS-only (ioreg) +CVE-2025-47913 x/crypto/ssh/agent 7.1 No --net=none; no SSH agent exposed +CVE-2025-15558 docker/cli plugins 7.0 No Linux deployment; Windows-only +CVE-2025-58181 x/crypto/ssh 6.9 No --net=none; no SSH server exposed +CVE-2025-47914 x/crypto/ssh/agent 6.9 No --net=none; no SSH agent exposed +CVE-2025-58190 x/net/html 6.9 No --net=none; can't reach HTML parser +CVE-2025-47911 x/net/html 6.9 No --net=none; can't reach HTML parser +sigstore-ts-auth(Snyk) sigstore/ts-authority 6.7 No cosign in service image; not accessible from sandbox +CVE-2025-61985 OpenSSH client 5.3 No --net=none; ProxyCommand not configured +CVE-2025-61984 OpenSSH client 5.3 No --net=none; ProxyCommand not configured +bbolt (no CVE yet) go.etcd.io/bbolt n/a No Requires corrupted containerd metadata + +== Key caveat == + +None of these are container escape vulnerabilities (runc escapes, kernel exploits). +Those are what would matter most for cyber-dojo's threat model. The CVEs listed are +mostly: network-service auth bugs (irrelevant with --net=none), Docker auth-plugin +bypass (irrelevant without plugins), BuildKit build-time flaws (irrelevant as +cyber-dojo doesn't build images from user content), and DoS issues. The runner's +defence-in-depth -- non-root user, no network, no-new-privileges, pid limits, tmpfs +isolation -- specifically neutralises the attack vectors these CVEs require. + +The higher-value scan to run would target runc and containerd CVEs specifically, +since those are the components that actually mediate the boundary between user code +and the host. diff --git a/docs/snyk-crib-sheet.txt b/docs/vulns/snyk-crib-sheet.txt similarity index 100% rename from docs/snyk-crib-sheet.txt rename to docs/vulns/snyk-crib-sheet.txt