Runtime
CVE-2020-2023
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
AnalysisAI
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-250. Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions. Affected products include: Katacontainers Runtime.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH COD
A malicious guest compromised before a container creation (e.g. Rated high severity (CVSS 8.8), this vulnerability is lo
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Rated medium severity (CVSS
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible.
Same weakness CWE-250 – Execution with Unnecessary Privileges
View allShare
External POC / Exploit Code
Leaving vuln.today