{"containers": {"cna": {"affected": [{"product": "anchore-engine", "vendor": "anchore", "versions": [{"status": "affected", "version": "= 0.7.0"}]}], "descriptions": [{"lang": "en", "value": "In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114: Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-27T21:20:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/anchore/anchore-engine/issues/430"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/anchore/anchore-engine/pull/431"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"}], "source": {"advisory": "GHSA-w4rm-w22x-h7m5", "discovery": "UNKNOWN"}, "title": "Shell Escape in Anchore Engine", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11075", "STATE": "PUBLIC", "TITLE": "Shell Escape in Anchore Engine"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "anchore-engine", "version": {"version_data": [{"version_value": "= 0.7.0"}]}}]}, "vendor_name": "anchore"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-114: Process Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5", "refsource": "CONFIRM", "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"}, {"name": "https://github.com/anchore/anchore-engine/issues/430", "refsource": "MISC", "url": "https://github.com/anchore/anchore-engine/issues/430"}, {"name": "https://github.com/anchore/anchore-engine/pull/431", "refsource": "MISC", "url": "https://github.com/anchore/anchore-engine/pull/431"}, {"name": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db", "refsource": "MISC", "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"}]}, "source": {"advisory": "GHSA-w4rm-w22x-h7m5", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/anchore/anchore-engine/issues/430"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/anchore/anchore-engine/pull/431"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11075", "datePublished": "2020-05-27T21:20:14", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anchore:engine:0.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "CCBB339C-2583-4E05-9F59-70B8C6B677D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1."}, {"lang": "es", "value": "En Anchore Engine versi\u00f3n 0.7.0, un manifiesto de imagen de contenedor especialmente dise\u00f1ado, extra\u00eddo de un registro, puede ser utilizado para desencadenar un fallo de escape del shell en el servicio del analizador de anchore engine durante un proceso de an\u00e1lisis de imagen. La operaci\u00f3n de an\u00e1lisis de imagen solo puede ser ejecutada por un usuario autenticado por medio de una petici\u00f3n de API v\u00e1lida al anchore engine, o si una imagen ya agregada que anchore est\u00e1 monitoreando tiene su manifiesto alterado para explotar el mismo fallo. Un ataque con \u00e9xito puede ser utilizado para ejecutar comandos que son realizados en el entorno del analizador, con los mismos permisos que el usuario que ejecuta anchore engine, incluido el acceso a las credenciales que usa Engine para acceder a su propia base de datos que tiene capacidad de lectura y escritura, as\u00ed como tambi\u00e9n acceso al entorno de servicio del analizador de engine en ejecuci\u00f3n. Por defecto, Anchore Engine es iniciado y se despliega como un contenedor donde el usuario no es root, pero si los usuarios ejecutan Engine directa o expl\u00edcitamente configuran al usuario como \"root\", entonces ese nivel de acceso puede ser alcanzado en el entorno de ejecuci\u00f3n donde se ejecuta Engine. Este problema es corregido en la versi\u00f3n 0.7.1."}], "id": "CVE-2020-11075", "lastModified": "2020-06-03T15:58:21.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-05-27T22:15:11.000", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/anchore/anchore-engine/issues/430"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/anchore/anchore-engine/pull/431"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-114"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}