Moderate severityNVD Advisory· Published Jun 10, 2020· Updated Sep 17, 2024
Kata Containers - Containers have access to the guest root filesystem device
CVE-2020-2023
Description
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/kata-containers/agentGo | < 1.9.1 | 1.9.1 |
github.com/kata-containers/agentGo | >= 1.10.0, < 1.10.5 | 1.10.5 |
github.com/kata-containers/agentGo | >= 1.11.0, < 1.11.1 | 1.11.1 |
github.com/kata-containers/runtimeGo | < 1.9.1 | 1.9.1 |
github.com/kata-containers/runtimeGo | >= 1.10.0, < 1.10.5 | 1.10.5 |
github.com/kata-containers/runtimeGo | >= 1.11.0, < 1.11.1 | 1.11.1 |
Affected products
3- ghsa-coords2 versions
< 1.9.1+ 1 more
- (no CPE)range: < 1.9.1
- (no CPE)range: < 1.9.1
- Range: 1.11
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-6978-vg2j-cc9qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2023ghsaADVISORY
- github.com/kata-containers/agent/issues/791ghsax_refsource_MISCWEB
- github.com/kata-containers/agent/pull/792ghsax_refsource_MISCWEB
- github.com/kata-containers/runtime/issues/2488ghsax_refsource_MISCWEB
- github.com/kata-containers/runtime/pull/2477ghsax_refsource_MISCWEB
- github.com/kata-containers/runtime/pull/2487ghsax_refsource_MISCWEB
- github.com/kata-containers/runtime/releases/tag/1.10.5ghsax_refsource_MISCWEB
- github.com/kata-containers/runtime/releases/tag/1.11.1ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.