PT-2020-17052 · Kata · Kata Containers

Published: 2020-11-17 · Updated: 2021-03-05 · CVE-2020-28914

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kata Containers versions prior to 1.11.5

Description

An improper file permissions issue affects Kata Containers when using a Kubernetes hostPath volume. When a file or directory is mounted as read-only into a container, it remains writable inside the guest. In a container breakout situation, this could allow a malicious guest to modify or delete files and directories that are expected to be read-only.

Recommendations

For versions prior to 1.11.5, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of hostPath volumes or ensuring that all mounted files and directories are properly secured to prevent unauthorized access.
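
To scope the workaround, the added example below (not part of the advisory or of Kata Containers) lists read-only hostPath mounts in pods that run under Kata, since those are the mounts whose read-only flag is not enforced in the guest on affected versions. It assumes Kata pods are selected through a RuntimeClass named `kata` (deployment-specific) and takes a pod list in the shape of `kubectl get pods -A -o json`; the sample input is constructed.

```python
import json

# Assumption: Kata pods are selected through a RuntimeClass; names are deployment-specific.
KATA_RUNTIME_CLASSES = {"kata"}

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"runtimeClassName": "kata",
            "volumes": [{"name": "conf", "hostPath": {"path": "/etc/app"}},
                        {"name": "scratch", "emptyDir": {}}],
            "containers": [{"name": "nginx",
                            "volumeMounts": [
                              {"name": "conf", "mountPath": "/conf", "readOnly": true},
                              {"name": "scratch", "mountPath": "/tmp"}]}]}},
  {"metadata": {"namespace": "batch", "name": "job-1"},
   "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
            "containers": [{"name": "worker",
                            "volumeMounts": [
                              {"name": "logs", "mountPath": "/logs", "readOnly": true}]}]}}
]}
""")


def readonly_hostpath_mounts(pod_list, kata_classes=KATA_RUNTIME_CLASSES):
    """Return read-only hostPath mounts in pods that run under a Kata RuntimeClass."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        if spec.get("runtimeClassName") not in kata_classes:
            continue  # not a Kata pod: the runtime enforces readOnly itself
        # Map volume name -> host path, for hostPath volumes only.
        host_paths = {v["name"]: v["hostPath"]["path"]
                      for v in spec.get("volumes", []) if "hostPath" in v}
        containers = spec.get("initContainers", []) + spec.get("containers", [])
        for c in containers:
            for m in c.get("volumeMounts", []):
                if m.get("readOnly") and m["name"] in host_paths:
                    findings.append((pod["metadata"]["namespace"], pod["metadata"]["name"],
                                     c["name"], host_paths[m["name"]], m["mountPath"]))
    return findings


if __name__ == "__main__":
    for f in readonly_hostpath_mounts(SAMPLE_POD_LIST):
        print("review: ns=%s pod=%s container=%s hostPath=%s mountPath=%s" % f)
```

Each reported mount is a host path to treat as writable from the guest until the node runs 1.11.5 or later.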

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2020-28914
OESA-2021-1084

Affected Products

Kata Containers