An issue exists in Kata Containers up to and including 1.11.3 and 2.x up to and including 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
katacontainers kata containers |
||
katacontainers kata containers 2.0.0 |