admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-20xx/CVE-2020-2026.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

211 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-2026",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2020-06-10T18:15:11.360",
"lastModified": "2023-11-07T03:21:33.723",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions."
},
{
"lang": "es",
"value": "Un invitado malicioso comprometido antes de la creaci\u00f3n de un contenedor (por ejemplo, una imagen maliciosa del invitado o un invitado que ejecuta m\u00faltiples contenedores) puede enga\u00f1ar al tiempo de ejecuci\u00f3n de kata para que monte el sistema de archivos del contenedor no confiable en cualquier ruta de host, permitiendo potencialmente una ejecuci\u00f3n de c\u00f3digo en el host. Este problema afecta a: Kata Containers versiones 1.11 anteriores a 1.11.1; Kata Containers versiones 1.10 anteriores a 1.10.5; Kata Containers versiones 1.9 y anteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.9",
"matchCriteriaId": "0AB886E3-03F3-43FA-AE4F-092FA6246A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10",
"versionEndExcluding": "1.10.5",
"matchCriteriaId": "FD1E8DE9-C5B6-4DA0-A5B2-A6C3B38DD2B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11",
"versionEndExcluding": "1.11.1",
"matchCriteriaId": "1358CC70-876F-4CA6-AC86-551883794212"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kata-containers/runtime/issues/2712",
"source": "psirt@paloaltonetworks.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/kata-containers/runtime/pull/2713",
"source": "psirt@paloaltonetworks.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
"source": "psirt@paloaltonetworks.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
"source": "psirt@paloaltonetworks.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P7FHA4AF6Y6PAVJBTTQPUEHXZQUOF3P/",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JPBKAQBF3OR72N55GWM2TDYQP2OHK6H/",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6W5MKF7HSAIL2AX2BX6RV4WWVGUIKVLS/",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJAMOVB7DSOGX7J26QH5HZKU7GSSX2VU/",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNJHSSPCKUGJDVXXIXK2JUWCRJDQX7CE/",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWACJQSMY5BVDMVTF3FBN7HZSOSFOG3Q/",
"source": "psirt@paloaltonetworks.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink