CVE-2020-2023 - OpenCVE

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Katacontainers	Runtime

Configuration 1 [-]

OR	cpe:2.3:a:katacontainers:runtime::::::::
	cpe:2.3:a:katacontainers:runtime::::::::
	cpe:2.3:a:katacontainers:runtime::::::::

No data.

References

Link	Providers
https://github.com/kata-containers/agent/issues/791
https://github.com/kata-containers/agent/pull/792
https://github.com/kata-containers/runtime/issues/2488
https://github.com/kata-containers/runtime/pull/2477
https://github.com/kata-containers/runtime/pull/2487
https://github.com/kata-containers/runtime/releases/tag/1.10.5
https://github.com/kata-containers/runtime/releases/tag/1.11.1

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-06-10T17:30:12.051641Z

Updated: 2024-09-17T01:15:36.499Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2023

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-10T18:15:11.280

Modified: 2021-10-19T12:45:49.630

Link: CVE-2020-2023

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Kata Containers", "vendor": "Kata Containers", "versions": [{"lessThan": "1.11.1", "status": "affected", "version": "1.11", "versionType": "custom"}, {"lessThan": "1.10.5", "status": "affected", "version": "1.10", "versionType": "custom"}, {"lessThanOrEqual": "1.9", "status": "affected", "version": "1", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "Affects QEMU and Cloud Hypervisor guests on the default configuration. Doesn't affect initrd (initramfs) based guests. Requires the container to have CAP_SYS_MKNOD, the default in Docker and Kubernetes with containerd, but not in Kubernetes with CRI-O."}], "credits": [{"lang": "en", "value": "Yuval Avrahami, Palo Alto Networks"}], "datePublic": "2020-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-10T17:30:12", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/runtime/pull/2487"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/runtime/pull/2477"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/runtime/issues/2488"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/agent/issues/791"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/agent/pull/792"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"}], "source": {"discovery": "EXTERNAL"}, "title": "Kata Containers - Containers have access to the guest root filesystem device", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-06-10T16:00:00.000Z", "ID": "CVE-2020-2023", "STATE": "PUBLIC", "TITLE": "Kata Containers - Containers have access to the guest root filesystem device"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kata Containers", "version": {"version_data": [{"version_affected": "<", "version_name": "1.11", "version_value": "1.11.1"}, {"version_affected": "<", "version_name": "1.10", "version_value": "1.10.5"}, {"version_affected": "<=", "version_name": "1", "version_value": "1.9"}]}}]}, "vendor_name": "Kata Containers"}]}}, "configuration": [{"lang": "en", "value": "Affects QEMU and Cloud Hypervisor guests on the default configuration. Doesn't affect initrd (initramfs) based guests. Requires the container to have CAP_SYS_MKNOD, the default in Docker and Kubernetes with containerd, but not in Kubernetes with CRI-O."}], "credit": [{"lang": "eng", "value": "Yuval Avrahami, Palo Alto Networks"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250 Execution with Unnecessary Privileges"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kata-containers/runtime/pull/2487", "refsource": "MISC", "url": "https://github.com/kata-containers/runtime/pull/2487"}, {"name": "https://github.com/kata-containers/runtime/pull/2477", "refsource": "MISC", "url": "https://github.com/kata-containers/runtime/pull/2477"}, {"name": "https://github.com/kata-containers/runtime/issues/2488", "refsource": "MISC", "url": "https://github.com/kata-containers/runtime/issues/2488"}, {"name": "https://github.com/kata-containers/agent/issues/791", "refsource": "MISC", "url": "https://github.com/kata-containers/agent/issues/791"}, {"name": "https://github.com/kata-containers/agent/pull/792", "refsource": "MISC", "url": "https://github.com/kata-containers/agent/pull/792"}, {"name": "https://github.com/kata-containers/runtime/releases/tag/1.11.1", "refsource": "MISC", "url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"}, {"name": "https://github.com/kata-containers/runtime/releases/tag/1.10.5", "refsource": "MISC", "url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/runtime/pull/2487"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/runtime/pull/2477"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/runtime/issues/2488"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/agent/issues/791"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/agent/pull/792"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2023", "datePublished": "2020-06-10T17:30:12.051641Z", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-09-17T01:15:36.499Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AB886E3-03F3-43FA-AE4F-092FA6246A31", "versionEndIncluding": "1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD1E8DE9-C5B6-4DA0-A5B2-A6C3B38DD2B6", "versionEndExcluding": "1.10.5", "versionStartIncluding": "1.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "1358CC70-876F-4CA6-AC86-551883794212", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."}, {"lang": "es", "value": "Kata Containers no restringe el acceso de los contenedores al dispositivo del sistema de archivos root del invitado. Los contenedores maliciosos pueden explotar esto para obtener la ejecuci\u00f3n del c\u00f3digo en el invitado y hacerse pasar por el agente de kata. Este problema afecta a: Kata Containers versiones 1.11 anteriores a 1.11.1; Kata Containers versiones 1.10 anteriores a 1.10.5; y Kata Containers versiones 1.9 y anteriores"}], "id": "CVE-2020-2023", "lastModified": "2021-10-19T12:45:49.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-06-10T18:15:11.280", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Third Party Advisory"], "url": "https://github.com/kata-containers/agent/issues/791"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Patch"], "url": "https://github.com/kata-containers/agent/pull/792"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kata-containers/runtime/issues/2488"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kata-containers/runtime/pull/2477"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kata-containers/runtime/pull/2487"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}