what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2022-23648

Status Candidate

Overview

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

Related Files

Gentoo Linux Security Advisory 202401-31
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-31 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions greater than or equal to 1.6.14 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-32760, CVE-2021-41103, CVE-2022-23471, CVE-2022-23648, CVE-2022-24769, CVE-2022-31030
SHA-256 | 340e890e584a72be161ce1a3ca689044b98f4c14c7bc18bb98943aa01d4f4ea1
Download | Favorite | View
Ubuntu Security Notice USN-5311-2
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for thisCVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | bf0c845e991aeba0eca65f4b23d29f729ad0f1896214182e1ae0fa304a019039
Download | Favorite | View
Debian Security Advisory 5091-1
Posted Mar 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5091-1 - Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2022-23648
SHA-256 | e63a6746ffb3a0ebb5b67732d4e19941b8a93c8206828f44778f919a2ccbf65d
Download | Favorite | View
containerd Image Volume Insecure Handling
Posted Mar 24, 2022
Authored by Google Security Research, Felix Wilhelm

containerd suffers from an insecure handling vulnerability related to image volumes.

tags | exploit
advisories | CVE-2022-23648
SHA-256 | b48bfd4366814227d48303e9535b5ccfe89e805d02c9e299e3b73f9fe15bbda5
Download | Favorite | View
Ubuntu Security Notice USN-5311-1
Posted Mar 3, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-1 - It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | 5efeeadac5a6cfae3bf4bb56fe44a99d061fa7f74da141e96f22e6b9dcf626d5
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    0 Files
  • 3
    May 3rd
    0 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close