CVE-2020-2026

CVSS v3.1 8.8 (High)

CVSS v2.0 4.6 (Medium)

EPSS 0.05 % (23^th)

Affected Products 2

Advisories 8

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.

Weaknesses

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE Status: PUBLISHED
CNA: Palo Alto Networks, Inc.
Published Date: 2020-06-10 18:15:11
(4 years ago)
Updated Date: 2023-11-07 03:21:33
(10 months ago)

Affected Products

Fedoraproject

Fedora

Katacontainers

Runtime

Configuration #1

	CPE23	From	Up To
Katacontainers Runtime 1.9 and prior versions	cpe:2.3:a:katacontainers:runtime		<= 1.9
Katacontainers Runtime from 1.10 version and prior 1.10.5 version	cpe:2.3:a:katacontainers:runtime	>= 1.10	< 1.10.5
Katacontainers Runtime from 1.11 version and prior 1.11.1 version	cpe:2.3:a:katacontainers:runtime	>= 1.11	< 1.11.1

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 31	cpe:2.3:o:fedoraproject:fedora:31