exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 15

GHSA-crp2-qrr5-8pq7

больше 3 лет назад

containerd CRI plugin: Insecure handling of image volumes

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23648

больше 3 лет назад

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23648

больше 3 лет назад

CVSS3: 7.4

EPSS: Низкий

CVE-2022-23648

больше 3 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23648

больше 3 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23648

больше 3 лет назад

containerd is a container runtime available as a daemon for Linux and ...

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2022:0720-1

больше 3 лет назад

Security update for containerd

EPSS: Низкий

SUSE-SU-2022:0720-1

больше 3 лет назад

Security update for containerd

EPSS: Низкий

SUSE-SU-2022:0719-1

больше 3 лет назад

Security update for containerd

EPSS: Низкий

BDU:2022-01715

больше 3 лет назад

Уязвимость среды выполнения контейнеров Containerd, связанная с недостатками процедуры аутентификации, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2022:10022-1

около 3 лет назад

Security update for trivy

EPSS: Низкий

ROS-20240503-03

около 1 года назад

Уязвимость containerd

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2022:10094-1

почти 3 года назад

Security update for trivy

EPSS: Низкий

SUSE-SU-2022:1689-1

около 3 лет назад

Security update for containerd, docker

EPSS: Низкий

SUSE-SU-2022:1507-1

около 3 лет назад

Security update for containerd, docker

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
GHSA-crp2-qrr5-8pq7 containerd CRI plugin: Insecure handling of image volumes	CVSS3: 7.5	6% Низкий	больше 3 лет назад
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.	CVSS3: 7.5	6% Низкий	больше 3 лет назад
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.	CVSS3: 7.4	6% Низкий	больше 3 лет назад
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.	CVSS3: 7.5	6% Низкий	больше 3 лет назад
CVE-2022-23648	CVSS3: 7.5	6% Низкий	больше 3 лет назад
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and ...	CVSS3: 7.5	6% Низкий	больше 3 лет назад
openSUSE-SU-2022:0720-1 Security update for containerd		6% Низкий	больше 3 лет назад
SUSE-SU-2022:0720-1 Security update for containerd		6% Низкий	больше 3 лет назад
SUSE-SU-2022:0719-1 Security update for containerd		6% Низкий	больше 3 лет назад
BDU:2022-01715 Уязвимость среды выполнения контейнеров Containerd, связанная с недостатками процедуры аутентификации, позволяющая нарушителю раскрыть защищаемую информацию	CVSS3: 7.5	6% Низкий	больше 3 лет назад
openSUSE-SU-2022:10022-1 Security update for trivy			около 3 лет назад
ROS-20240503-03 Уязвимость containerd	CVSS3: 7.5	6% Низкий	около 1 года назад
openSUSE-SU-2022:10094-1 Security update for trivy			почти 3 года назад
SUSE-SU-2022:1689-1 Security update for containerd, docker			около 3 лет назад
SUSE-SU-2022:1507-1 Security update for containerd, docker			около 3 лет назад

Уязвимостей на страницу