CVE-2020-2023

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

CVSS v3 6.3 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/kata-containers/agent/issues/791	Third Party Advisory
https://github.com/kata-containers/agent/pull/792	Patch
https://github.com/kata-containers/runtime/issues/2488	Patch Third Party Advisory
https://github.com/kata-containers/runtime/pull/2477	Patch Third Party Advisory
https://github.com/kata-containers/runtime/pull/2487	Patch Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.10.5	Release Notes Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.11.1	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:katacontainers:runtime::::::::
	cpe:2.3:a:katacontainers:runtime::::::::
	cpe:2.3:a:katacontainers:runtime::::::::

History

No history.

Information

Published : 2020-06-10 18:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-2023

Mitre link : CVE-2020-2023

CVE.ORG link : CVE-2020-2023

JSON object : View

Products Affected

katacontainers

runtime

CWE

NVD-CWE-noinfo CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2020-2023", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.0}]}, "published": "2020-06-10T18:15:11.280", "references": [{"url": "https://github.com/kata-containers/agent/issues/791", "tags": ["Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/agent/pull/792", "tags": ["Patch"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/issues/2488", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/pull/2477", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/pull/2487", "tags": ["Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5", "tags": ["Release Notes", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."}, {"lang": "es", "value": "Kata Containers no restringe el acceso de los contenedores al dispositivo del sistema de archivos root del invitado. Los contenedores maliciosos pueden explotar esto para obtener la ejecuci\u00f3n del c\u00f3digo en el invitado y hacerse pasar por el agente de kata. Este problema afecta a: Kata Containers versiones 1.11 anteriores a 1.11.1; Kata Containers versiones 1.10 anteriores a 1.10.5; y Kata Containers versiones 1.9 y anteriores"}], "lastModified": "2021-10-19T12:45:49.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AB886E3-03F3-43FA-AE4F-092FA6246A31", "versionEndIncluding": "1.9"}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD1E8DE9-C5B6-4DA0-A5B2-A6C3B38DD2B6", "versionEndExcluding": "1.10.5", "versionStartIncluding": "1.10"}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1358CC70-876F-4CA6-AC86-551883794212", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.11"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}