Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
katacontainers runtime vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-27151
An issue exists in Kata Containers up to and including 1.11.3 and 2.x up to and including 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute...
Katacontainers Kata Containers
Katacontainers Kata Containers 2.0.0
8.8
CVSSv3
CVE-2020-2026
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This ...
Katacontainers Runtime
Fedoraproject Fedora 31
8.8
CVSSv3
CVE-2020-2025
Kata Containers prior to 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all V...
Katacontainers Runtime
6.5
CVSSv3
CVE-2020-2024
An improper link resolution vulnerability affects Kata Containers versions before 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
Katacontainers Runtime
6.3
CVSSv3
CVE-2020-2023
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11....
Katacontainers Runtime
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started