43 matches found
CVE-2022-36103
Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR certificate signing request Talos control plane node might issue Talos API...
PT-2022-4910 · Talos · Talos
Name of the Vulnerable Software and Affected Versions: Talos versions prior to 1.2.2 Description: The issue is related to improper validation of the request while signing a worker node CSR, which might allow a Talos control plane node to issue a Talos API certificate with full access to the Talos...
Privilege Escalation
containerd is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of node location allowing an attacker to bind mount via hostPath...
GHSA-MVFF-H3CJ-WJ9C Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Impact Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of...
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
Design/Logic Flaw
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816 Improper Preservation of Permissions in containerd
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
CVE-2021-43816
CVE-2021-43816 affects containerd (CRI) on SELinux-enabled distros (EL8/CentOS/RHEL, Fedora, SUSE MicroOS). An unprivileged pod could bind-mount a privileged host file via hostPath at /etc/hosts, /etc/hostname, or /etc/resolv.conf, relabeling that path to the container process label and potential...
containerd 权限许可和访问控制问题漏洞
containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. containerd has a security vulnerability that stems from containerd as a fallback Container Runtime Interface CR...
EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1027)
According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting...
EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1008)
According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting...
openSUSE Security Update : podman (openSUSE-2020-2039)
This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...
CVE-2020-28914
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest...
CVE-2020-28914
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest...
Input validation
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest...
CVE-2020-28914
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest...