8 matches found

OSV
added 2024/08/21 2:30 p.m. | 20 views

GO-2022-0344 containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd...

CVSS 7.5 | AI score 7.6 | EPSS 0.27392
Exploits: 4 | References: 15

0day.today
added 2022/03/24 12:0 a.m. | 411 views

containerd Image Volume Insecure Handling Exploit

containerd: Insecure handling of image volumes containerd's cri plugin handles image volumes containing path traversals insecurely. This can be used to copy arbitrary host directories to a container-mounted path. OCI images contain a JSON config file described in...

CVSS 7.5 | AI score 7.9 | EPSS 0.27392
Exploits: 4

Microsoft CVE
added 2022/03/11 8:0 a.m. | 3 views

Insecure handling of image volumes in containerd CRI plugin

...

CVSS 7.5 | AI score 6.7 | EPSS 0.27392
Exploits: 4

Cvelist
added 2022/03/03 12:0 a.m. | 18 views

CVE-2022-23648 Insecure handling of image volumes in containerd CRI plugin

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...

CVSS 7.5 | AI score 8 | EPSS 0.27392
Exploits: 4 | References: 11

OSV
added 2022/03/02 9:33 p.m. | 47 views

GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes

Impact: A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

CVSS 7.5 | AI score 7.9 | EPSS 0.27392
Exploits: 4 | References: 16

Github Security Blog
added 2022/03/02 9:33 p.m. | 88 views

containerd CRI plugin: Insecure handling of image volumes

Impact: A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

CVSS 7.5 | AI score 0.7 | EPSS 0.27392
Exploits: 4 | References: 16 | Affected Software: 1

NVD
added 2015/05/18 3:59 p.m. | 21 views

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...

CVSS 3.6 | AI score 7.4 | EPSS 0.00567
Exploits: 0 | References: 4

Prion
added 2015/05/18 3:59 p.m. | 23 views

Design/Logic Flaw

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...

CVSS 3.6 | AI score 6.6 | EPSS 0.00567
Exploits: 0 | References: 4 | Affected Software: 1