Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-2023

Good to know:

icon

Date: June 10, 2020

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Language: Go

Severity Score

Related Resources (10)

https://github.com/kata-containers/runtime/pull/2487
https://github.com/kata-containers/runtime/releases/tag/1.11.1
https://github.com/kata-containers/runtime/releases/tag/1.10.5
https://github.com/kata-containers/agent/issues/791
https://nvd.nist.gov/vuln/detail/CVE-2020-2023
https://github.com/kata-containers/agent/pull/792
https://github.com/kata-containers/runtime/issues/2488
https://github.com/kata-containers
https://github.com/kata-containers/runtime/pull/2477
https://www.mend.io/vulnerability-database/CVE-2020-2023

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

Execution with Unnecessary Privileges

CWE-250

Top Fix

icon

Upgrade Version

Upgrade to version 1.11.1,1.10.5,1.9.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us