CVE-2020-28914

Published: Nov 17, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-21305 Aliases: GSD-2020-28914
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high
LOW 3,6
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: partial

Description

AI Translation Available

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 91 Days)

732

Incorrect Permission Assignment for Critical Resource

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control Integrity Other
Potential Impacts:
Read Application Data Read Files Or Directories Gain Privileges Or Assume Identity Modify Application Data Other
Applicable Platforms
Technologies: Not Technology-Specific, Cloud Computing
Likelihood of Exploit: High
View CWE Details
Application

Kata-Containers by Katacontainers

Product Information
Vendor Katacontainers
Product Kata-Containers
Version Range Affected
To 1.11.5 (exclusive)
cpe:2.3:a:katacontainers:kata-containers:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/kata-containers/kata-containers/pull/1062
Third Party Advisory
https://github.com/kata-containers/kata-containers/pull/1062
https://github.com/kata-containers/runtime/pull/3042
Third Party Advisory
https://github.com/kata-containers/runtime/pull/3042
https://github.com/kata-containers/runtime/pull/3051
Third Party Advisory
https://github.com/kata-containers/runtime/pull/3051
https://github.com/kata-containers/runtime/releases/tag/1.1…
Release Notes Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.11.5
https://github.com/kata-containers/runtime/releases/tag/1.1…
Release Notes Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.12.0
https://github.com/kata-containers/kata-containers/pull/1062
Third Party Advisory
https://github.com/kata-containers/kata-containers/pull/1062
https://github.com/kata-containers/runtime/pull/3042
Third Party Advisory
https://github.com/kata-containers/runtime/pull/3042
https://github.com/kata-containers/runtime/pull/3051
Third Party Advisory
https://github.com/kata-containers/runtime/pull/3051
https://github.com/kata-containers/runtime/releases/tag/1.1…
Release Notes Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.11.5
https://github.com/kata-containers/runtime/releases/tag/1.1…
Release Notes Third Party Advisory
https://github.com/kata-containers/runtime/releases/tag/1.12.0