Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XKatacontainers Confidential Containers
APPKatacontainers0.9.0 – 0.20.0 (bez)Katacontainers Kata Containers
APPKatacontainers3.4.0 – 3.29.0 (bez)
Related vulnerabilities
Kata Containers: modyfikacja systemu plików VM umożliwia RCE jako root
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine...
An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute bi...
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes ho...
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running mul...