PT-2020-15247 · Kata Containers · Kata Containers

Published

2020-06-10

Updated

2022-02-15

CVE-2020-2023

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kata Containers versions 1.11 earlier than 1.11.1 Kata Containers versions 1.10 earlier than 1.10.5 Kata Containers versions 1.9 and earlier

Description The issue allows malicious containers to access the guest's root filesystem device, potentially leading to code execution on the guest and masquerading as the kata-agent.

Recommendations For Kata Containers version 1.11, update to version 1.11.1 or later. For Kata Containers version 1.10, update to version 1.10.5 or later. For Kata Containers version 1.9 and earlier, update to a newer version that contains a fix for this issue.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250CWE-269

Related Identifiers

CVE-2020-2023

GHSA-6978-VG2J-CC9Q

Affected Products

Kata Containers

PT-2020-15247 · Kata Containers · Kata Containers

CVE-2020-2023

Weakness Enumeration

Related Identifiers

Affected Products

References · 12