{"uuid": "b2c7ed35-6ef4-4a83-be7b-b118cc734151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://t.me/cibsecurity/38353", "content": "\u203c CVE-2022-23648 \u203c\n\ncontainerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd\u2019s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd\u2019s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-03T16:26:05.000000Z"}