admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-20xx/CVE-2020-2025.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

136 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-2025",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2020-05-19T21:15:10.163",
"lastModified": "2020-05-21T17:02:45.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests."
},
{
"lang": "es",
"value": "Kata Containers versiones anteriores a 1.11.0, en Cloud Hypervisor persisten cambios del sistema de archivos invitado en el archivo de imagen subyacente en el host. Un invitado malicioso puede sobrescribir el archivo de imagen para conseguir el control de todas las posteriores M\u00e1quinas Virtuales invitadas. Ya que Kata Containers usa el mismo archivo de imagen de la VM con todos los VMM, este problema tambi\u00e9n puede afectar a los invitados basados en QEMU y Firecracker."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.0",
"matchCriteriaId": "6D33AE8C-B850-4A56-B7F2-8D9CD0839E83"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kata-containers/runtime/pull/2487",
"source": "psirt@paloaltonetworks.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink