cnvd - cnvd-2022-29292

cnvd-2022-29292

Vulnerability from cnvd

Title: Apache containerd信息泄露漏洞

Description:

containerd是美国阿帕奇（Apache）基金会的一个容器守护进程。该进程根据 RunC OCI 规范负责控制宿主机上容器的完整周期。

Apache containerd存在信息泄露漏洞，攻击者可利用该漏洞通过特殊的镜像配置启动容器并访问主机上任意文件和目录的只读副本。

Severity: 中

Patch Name: Apache containerd信息泄露漏洞的补丁

Patch Description:

containerd是美国阿帕奇（Apache）基金会的一个容器守护进程。该进程根据 RunC OCI 规范负责控制宿主机上容器的完整周期。

Apache containerd存在信息泄露漏洞，攻击者可利用该漏洞通过特殊的镜像配置启动容器并访问主机上任意文件和目录的只读副本。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://devolutions.net/security/advisories/DEVO-2022-0001

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23648

Impacted products

Name
['Apache containerd <1.6.1', 'Apache containerd <1.5.10', 'Apache containerd <1.14.12']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23648"
    }
  },
  "description": "containerd\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5bb9\u5668\u5b88\u62a4\u8fdb\u7a0b\u3002\u8be5\u8fdb\u7a0b\u6839\u636e RunC OCI \u89c4\u8303\u8d1f\u8d23\u63a7\u5236\u5bbf\u4e3b\u673a\u4e0a\u5bb9\u5668\u7684\u5b8c\u6574\u5468\u671f\u3002\n\nApache containerd\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u6b8a\u7684\u955c\u50cf\u914d\u7f6e\u542f\u52a8\u5bb9\u5668\u5e76\u8bbf\u95ee\u4e3b\u673a\u4e0a\u4efb\u610f\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u53ea\u8bfb\u526f\u672c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://devolutions.net/security/advisories/DEVO-2022-0001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-29292",
  "openTime": "2022-04-15",
  "patchDescription": "containerd\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5bb9\u5668\u5b88\u62a4\u8fdb\u7a0b\u3002\u8be5\u8fdb\u7a0b\u6839\u636e RunC OCI \u89c4\u8303\u8d1f\u8d23\u63a7\u5236\u5bbf\u4e3b\u673a\u4e0a\u5bb9\u5668\u7684\u5b8c\u6574\u5468\u671f\u3002\r\n\r\nApache containerd\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u6b8a\u7684\u955c\u50cf\u914d\u7f6e\u542f\u52a8\u5bb9\u5668\u5e76\u8bbf\u95ee\u4e3b\u673a\u4e0a\u4efb\u610f\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u53ea\u8bfb\u526f\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache containerd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache containerd \u003c1.6.1",
      "Apache containerd \u003c1.5.10",
      "Apache containerd \u003c1.14.12"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648",
  "serverity": "\u4e2d",
  "submitTime": "2022-03-04",
  "title": "Apache containerd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2022-23648 (GCVE-0-2022-23648)

Vulnerability from cvelistv5

Published

2022-03-03 00:00

Modified

2024-08-03 03:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

References

▼	URL	Tags
	https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
	https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
	https://github.com/containerd/containerd/releases/tag/v1.4.13
	https://github.com/containerd/containerd/releases/tag/v1.5.10
	https://github.com/containerd/containerd/releases/tag/v1.6.1
	https://www.debian.org/security/2022/dsa-5091	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/	vendor-advisory
	http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/	vendor-advisory
	https://security.gentoo.org/glsa/202401-31	vendor-advisory

Impacted products

	Vendor	Product	Version
	containerd	containerd	Version: < 1.4.13 Version: >= 1.5.0, < 1.5.10 Version: >= 1.6.0, < 1.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/releases/tag/v1.4.13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/releases/tag/v1.5.10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/containerd/containerd/releases/tag/v1.6.1"
          },
          {
            "name": "DSA-5091",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5091"
          },
          {
            "name": "FEDORA-2022-dc35dd101f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/"
          },
          {
            "name": "FEDORA-2022-230f2b024b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html"
          },
          {
            "name": "FEDORA-2022-d9c9bf56f6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/"
          },
          {
            "name": "GLSA-202401-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "containerd",
          "vendor": "containerd",
          "versions": [
            {
              "status": "affected",
              "version": " \u003c 1.4.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.5.0, \u003c 1.5.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.6.0, \u003c 1.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd\u2019s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd\u2019s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T13:06:18.281051",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7"
        },
        {
          "url": "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70"
        },
        {
          "url": "https://github.com/containerd/containerd/releases/tag/v1.4.13"
        },
        {
          "url": "https://github.com/containerd/containerd/releases/tag/v1.5.10"
        },
        {
          "url": "https://github.com/containerd/containerd/releases/tag/v1.6.1"
        },
        {
          "name": "DSA-5091",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5091"
        },
        {
          "name": "FEDORA-2022-dc35dd101f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/"
        },
        {
          "name": "FEDORA-2022-230f2b024b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/"
        },
        {
          "url": "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html"
        },
        {
          "name": "FEDORA-2022-d9c9bf56f6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/"
        },
        {
          "name": "GLSA-202401-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-31"
        }
      ],
      "source": {
        "advisory": "GHSA-crp2-qrr5-8pq7",
        "discovery": "UNKNOWN"
      },
      "title": "Insecure handling of image volumes in containerd CRI plugin"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23648",
    "datePublished": "2022-03-03T00:00:00",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted