CVE-2020-2023

Sažetak

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Reference

https://github.com/kata-containers/runtime/issues/2488
https://github.com/kata-containers/agent/issues/791
https://github.com/kata-containers/runtime/pull/2487
https://github.com/kata-containers/agent/pull/792
https://github.com/kata-containers/runtime/pull/2477
https://github.com/kata-containers/runtime/releases/tag/1.10.5
https://github.com/kata-containers/runtime/releases/tag/1.11.1

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2021 - 12:45

Objavljeno

10-06-2020 - 18:15