8 matches found
GO-2022-0344 containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd
containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd...
containerd Image Volume Insecure Handling Exploit
containerd: Insecure handling of image volumes containerd's cri plugin handles image volumes containing path traversals insecurely. This can be used to copy arbitrary host directories to a container-mounted path. OCI images contain a JSON config file described in...
Insecure handling of image volumes in containerd CRI plugin
...
CVE-2022-23648 Insecure handling of image volumes in containerd CRI plugin
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...
GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes
Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
containerd CRI plugin: Insecure handling of image volumes
Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...
Design/Logic Flaw
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...