Lucene search

K

GoogleOSV:CVE-2020-2026

HistoryJun 10, 2020 - 6:15 p.m.

CVE-2020-2026

2020-06-1018:15:11

Google

osv.dev

4

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

21.8%

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.

References

github.com/kata-containers/runtime/issues/2712

github.com/kata-containers/runtime/pull/2713

github.com/kata-containers/runtime/releases/tag/1.10.5

github.com/kata-containers/runtime/releases/tag/1.11.1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P7FHA4AF6Y6PAVJBTTQPUEHXZQUOF3P/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JPBKAQBF3OR72N55GWM2TDYQP2OHK6H/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6W5MKF7HSAIL2AX2BX6RV4WWVGUIKVLS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJAMOVB7DSOGX7J26QH5HZKU7GSSX2VU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNJHSSPCKUGJDVXXIXK2JUWCRJDQX7CE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWACJQSMY5BVDMVTF3FBN7HZSOSFOG3Q/

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

21.8%

Related for OSV:CVE-2020-2026

fedora6 openvas6 nessus8 github1 osv1 cvelist1 veracode1 nvd1 prion1 cve1 oraclelinux2 kitploit1