Home > Vulnerability Database > CVE-2020-2023

Mend.io Vulnerability Database

CVE-2020-2023

Date: June 10, 2020

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Language: Go

Severity Score

3.8

Related Resources (10)

Url: https://github.com/kata-containers/runtime/pull/2487

Url: https://github.com/kata-containers/runtime/releases/tag/1.11.1

Url: https://github.com/kata-containers/runtime/releases/tag/1.10.5

Url: https://github.com/kata-containers/agent/issues/791

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-2023

Url: https://github.com/kata-containers/agent/pull/792

Url: https://github.com/kata-containers/runtime/issues/2488

Url: https://github.com/kata-containers

Url: https://github.com/kata-containers/runtime/pull/2477

Url: https://www.mend.io/vulnerability-database/CVE-2020-2023

Severity Score

3.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

Execution with Unnecessary Privileges

CWE-250

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-2023

Date: June 10, 2020

Language: Go

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?