exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2022-23648

Status Candidate

Overview

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

Related Files

Gentoo Linux Security Advisory 202401-31
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-31 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions greater than or equal to 1.6.14 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-32760, CVE-2021-41103, CVE-2022-23471, CVE-2022-23648, CVE-2022-24769, CVE-2022-31030
SHA-256 | 340e890e584a72be161ce1a3ca689044b98f4c14c7bc18bb98943aa01d4f4ea1
Download | Favorite | View
Ubuntu Security Notice USN-5311-2
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for thisCVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | bf0c845e991aeba0eca65f4b23d29f729ad0f1896214182e1ae0fa304a019039
Download | Favorite | View
Debian Security Advisory 5091-1
Posted Mar 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5091-1 - Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2022-23648
SHA-256 | e63a6746ffb3a0ebb5b67732d4e19941b8a93c8206828f44778f919a2ccbf65d
Download | Favorite | View
containerd Image Volume Insecure Handling
Posted Mar 24, 2022
Authored by Google Security Research, Felix Wilhelm

containerd suffers from an insecure handling vulnerability related to image volumes.

tags | exploit
advisories | CVE-2022-23648
SHA-256 | b48bfd4366814227d48303e9535b5ccfe89e805d02c9e299e3b73f9fe15bbda5
Download | Favorite | View
Ubuntu Security Notice USN-5311-1
Posted Mar 3, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-1 - It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | 5efeeadac5a6cfae3bf4bb56fe44a99d061fa7f74da141e96f22e6b9dcf626d5
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close