CVE-2020-2023

{"id": "CVE-2020-2023", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.0}]}, "published": "2020-06-10T18:15:11.280", "references": [{"url": "https://github.com/kata-containers/agent/issues/791", "tags": ["Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/agent/pull/792", "tags": ["Patch"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/issues/2488", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/pull/2477", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/pull/2487", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5", "tags": ["Release Notes", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/agent/issues/791", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/agent/pull/792", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/runtime/issues/2488", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/runtime/pull/2477", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/runtime/pull/2487", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-250"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."}, {"lang": "es", "value": "Kata Containers no restringe el acceso de los contenedores al dispositivo del sistema de archivos root del invitado. Los contenedores maliciosos pueden explotar esto para obtener la ejecuci\u00f3n del c\u00f3digo en el invitado y hacerse pasar por el agente de kata. Este problema afecta a: Kata Containers versiones 1.11 anteriores a 1.11.1; Kata Containers versiones 1.10 anteriores a 1.10.5; y Kata Containers versiones 1.9 y anteriores"}], "lastModified": "2024-11-21T05:24:28.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AB886E3-03F3-43FA-AE4F-092FA6246A31", "versionEndIncluding": "1.9"}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD1E8DE9-C5B6-4DA0-A5B2-A6C3B38DD2B6", "versionEndExcluding": "1.10.5", "versionStartIncluding": "1.10"}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1358CC70-876F-4CA6-AC86-551883794212", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.11"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}