Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-2026
HistoryJun 10, 2020 - 6:15 p.m.

CVE-2020-2026

2020-06-1018:15:11
CWE-59
[email protected]
web.nvd.nist.gov
2

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

21.8%

JSON

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.

Affected configurations

NVD
Node
katacontainersruntimeRange1.9
OR
katacontainersruntimeRange1.101.10.5
OR
katacontainersruntimeRange1.111.11.1
Node
fedoraprojectfedoraMatch31

References

Related

fedora 6
cvelist 1
veracode 1
nessus 8
openvas 6
github 1
osv 2
prion 1
cve 1
oraclelinux 2
kitploit 1
fedora
fedora
[SECURITY] Fedora 31 Update: kata-proxy-1.11.1-1.fc31.1
2020-10-17 14:24:57
[SECURITY] Fedora 31 Update: kata-ksm-throttler-1.11.1-1.fc31.1
2020-11-05 02:11:52
[SECURITY] Fedora 31 Update: kata-osbuilder-1.11.1-1.fc31.1
2020-11-05 02:11:53
cvelist
cvelist
CVE-2020-2026 Kata Containers - Guests can trick the kata-runtime into mounting the container image on any host path
2020-06-10 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-06-19 05:41:18
nessus
nessus
Fedora 31 : kata-runtime (2020-7a0b6071a4)
2020-10-19 00:00:00
Fedora 31 : kata-proxy (2020-2f5879aeb6)
2020-10-19 00:00:00
Fedora 31 : kata-shim (2020-1af9cd8c87)
2020-11-06 00:00:00
openvas
openvas
Fedora: Security Advisory for kata-proxy (FEDORA-2020-2f5879aeb6)
2020-10-18 00:00:00
Fedora: Security Advisory for kata-osbuilder (FEDORA-2020-61fcf3ffc7)
2020-11-05 00:00:00
Fedora: Security Advisory for kata-agent (FEDORA-2020-c33083813d)
2020-10-19 00:00:00
github
github
Link Following in Kata Runtime
2022-02-15 01:57:18
osv
osv
Link Following in Kata Runtime
2022-02-15 01:57:18
CVE-2020-2026
2020-06-10 18:15:11
prion
prion
Code injection
2020-06-10 18:15:00
cve
cve
CVE-2020-2026
2020-06-10 18:15:11
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update
2020-07-22 00:00:00
Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update
2020-07-22 00:00:00
kitploit
kitploit
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

21.8%

JSON
Related for NVD:CVE-2020-2026
fedora6cvelist1veracode1nessus8openvas6github1osv2prion1cve1oraclelinux2kitploit1