Support

Does the PwnKit: Local Privilege Escalation Vulnerability (CVE-2021-4034) affect any RStudio Professional Software application?

Follow

RStudio's engineers have determined that, if your RStudio Workbench installation uses Kubernetes, and if it uses the rstudio/r-session-complete docker image based on Ubuntu Bionic, you will need to re-pull the images. For a complete set of steps please see Polkit Vulnerability in RStudio Docker Images.

 

As CVE-2021-4034 is an OS-related vulnerability, RStudio can confirm that none of our products, Professional or Open Source, are affected by this vulnerability.


RStudio can confirm that https://rstudio.cloud was taken offline for maintenance on 2022-01-26 to apply the necessary mitigations for CVE-2021-4034.

 

RStudio can confirm that https://shinyapps.io is not affected by CVE-2021-4034.

 

More information:

Mitre CVE entry

RedHat Security

Ubuntu Security

 

 

 

Comments