CVE-2020-28914

Published November 17th, 2020

View on NVD ↗

CVSS v3

7.1

HIGH

CVSS v2

3.6

LOW

Affected

PROJECTS

Description

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.

kata-containers/runtime

Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).

GitHub

2.09K

kata-containers/kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

GitHub

8.08K