CVE-2022-23648 — Sensitive Information Exposure in Containerd
Severity
7.5HIGHNVD
EPSS
6.2%
top 9.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMar 3
Latest updateAug 21
Description
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitiv…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 11.0, Fedora 34, 35, 36