Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5Nzgtdmcyai1jYzlx

Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Permalink: https://github.com/advisories/GHSA-6978-vg2j-cc9q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5Nzgtdmcyai1jYzlx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-6978-vg2j-cc9q, CVE-2020-2023
References: Repository: https://github.com/kata-containers/agent
Blast Radius: 8.9

Affected Packages

go:github.com/kata-containers/runtime
Dependent packages: 3
Dependent repositories: 4
Affected Version Ranges: >= 1.11.0, < 1.11.1; >= 1.10.0, < 1.10.5; <= 1.9
Fixed in: 1.11.1, 1.10.5, 1.9.1
go:github.com/kata-containers/agent
Dependent packages: 0
Dependent repositories: 8
Affected Version Ranges: >= 1.11.0, < 1.11.1; >= 1.10.0, < 1.10.5; <= 1.9
Fixed in: 1.11.1, 1.10.5, 1.9.1