10 matches found
GO-2026-4590 Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user in github.com/rancher/rancher
Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the handler process. An attacker can trigger unauthorized WASM module execution in the controller context by sending crafted AdmissionReview requests directly to webhook endpoints from an...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-3118)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...
Medium: containerd
Issue Overview: A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on...
Ubuntu 20.04 LTS : containerd regression (USN-5311-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5311-2 advisory. USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. We...
MGASA-2022-0088 Updated docker-containerd packages fix security vulnerability
A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
CVE-2022-23648
CVE-2022-23648 affects containerd’s CRI implementation on Linux where specially-crafted image configurations could allow reading read-only copies of arbitrary host files and directories, potentially bypassing policy enforcement. The issue was fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users s...
PT-2022-2056
Name of the Vulnerable Software and Affected Versions containerd versions prior to 1.6.1 containerd versions prior to 1.5.10 containerd versions prior to 1.4.12 Description A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted ima...
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Impact Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of...
DEBIAN-CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...