Vulnerability Details : CVE-2022-23648
Potential exploit
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.4.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
Vulnerability category: Information leak
Products affected by CVE-2022-23648
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23648
- 6.17%: Probability of exploitation activity in the next 30 days
- ~ 90 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23648
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | GitHub, Inc. | |
CWE ids for CVE-2022-23648
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: security-advisories@github.com (Secondary)
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2022-23648
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/
  [SECURITY] Fedora 36 Update: containerd-1.6.1-1.fc36 - package-announce - Fedora Mailing-Lists [Issue Tracking; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/
  [SECURITY] Fedora 36 Update: containerd-1.6.1-1.fc36 - package-announce - Fedora Mailing-Lists
- https://github.com/containerd/containerd/releases/tag/v1.6.1
  Release containerd 1.6.1 · containerd/containerd · GitHub [Patch; Release Notes; Third Party Advisory]
- http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
  containerd Image Volume Insecure Handling ≈ Packet Storm [Exploit; Third Party Advisory; VDB Entry]
- https://www.debian.org/security/2022/dsa-5091
  Debian -- Security Information -- DSA-5091-1 containerd [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/
  [SECURITY] Fedora 35 Update: containerd-1.6.1-1.fc35 - package-announce - Fedora Mailing-Lists [Issue Tracking; Third Party Advisory]
- https://security.gentoo.org/glsa/202401-31
  containerd: Multiple Vulnerabilities (GLSA 202401-31) — Gentoo security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/
  [SECURITY] Fedora 34 Update: containerd-1.6.1-1.fc34 - package-announce - Fedora Mailing-Lists [Issue Tracking; Third Party Advisory]
- https://github.com/containerd/containerd/releases/tag/v1.4.13
  Release containerd 1.4.13 · containerd/containerd · GitHub [Patch; Release Notes; Third Party Advisory]
- https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
  Merge pull request #6607 from dmcgowan/prepare-v1.6.1 · containerd/containerd@10f428d · GitHub [Patch; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/
  [SECURITY] Fedora 34 Update: containerd-1.6.1-1.fc34 - package-announce - Fedora Mailing-Lists
- https://github.com/containerd/containerd/releases/tag/v1.5.10
  Release containerd 1.5.10 · containerd/containerd · GitHub [Patch; Release Notes; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/
  [SECURITY] Fedora 35 Update: containerd-1.6.1-1.fc35 - package-announce - Fedora Mailing-Lists
- https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
  containerd CRI plugin: Insecure handling of image volumes · Advisory · containerd/containerd · GitHub [Third Party Advisory]