QwikSec

Security Database

CVE

CWE

Training

CVE-2020-2026

Published: Jun 10, 2020

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.

Vendor	Product	Versions
Kata Containers	Kata Containers	affected `1.11 - < 1.11.1` affected `1.10 - < 1.10.5` affected `1 - <= 1.9`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/kata-containers/runtime/releases/tag/1.11.1

x_refsource_MISC

https://github.com/kata-containers/runtime/releases/tag/1.10.5

x_refsource_MISC

https://github.com/kata-containers/runtime/issues/2712

x_refsource_MISC

https://github.com/kata-containers/runtime/pull/2713

x_refsource_MISC

FEDORA-2020-7a0b6071a4

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-2f5879aeb6

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-c33083813d

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-1af9cd8c87

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-61fcf3ffc7

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-15a1bde727

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.