GHSA-6978-vg2j-cc9q

Source

https://github.com/advisories/GHSA-6978-vg2j-cc9q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-6978-vg2j-cc9q/GHSA-6978-vg2j-cc9q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6978-vg2j-cc9q

Aliases

CVE-2020-2023

Published

2022-02-15T01:57:18Z

Modified

2023-11-08T04:02:48.321662Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers

Details

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Database specific

{
    "nvd_published_at": "2020-06-10T18:15:00Z",
    "github_reviewed_at": "2021-05-13T19:41:22Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-250",
        "CWE-269"
    ]
}

References

Affected packages

Go / github.com/kata-containers/agent

Package

Name: github.com/kata-containers/agent; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/agent

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.1

Database specific

{
    "last_known_affected_version_range": "<= 1.9"
}

Go / github.com/kata-containers/agent

Package

Name: github.com/kata-containers/agent; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/agent

Affected ranges

Type: SEMVER
Events: Introduced

1.10.0

Fixed

1.10.5

Go / github.com/kata-containers/agent

Package

Name: github.com/kata-containers/agent; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/agent

Affected ranges

Type: SEMVER
Events: Introduced

1.11.0

Fixed

1.11.1

Go / github.com/kata-containers/runtime

Package

Name: github.com/kata-containers/runtime; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/runtime

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.1

Database specific

{
    "last_known_affected_version_range": "<= 1.9"
}

Go / github.com/kata-containers/runtime

Package

Name: github.com/kata-containers/runtime; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/runtime

Affected ranges

Type: SEMVER
Events: Introduced

1.10.0

Fixed

1.10.5

Go / github.com/kata-containers/runtime

Package

Name: github.com/kata-containers/runtime; View open source insights on deps.dev
Purl: pkg:golang/github.com/kata-containers/runtime

Affected ranges

Type: SEMVER
Events: Introduced

1.11.0

Fixed

1.11.1