CVE-2023-25173 — Incorrect Authorization in Containerd
Severity
7.8HIGHNVD
CNA5.3GHSA7.1OSV7.1
EPSS
0.0%
top 93.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 16
Latest updateJul 5
Description
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Down…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
6📋Vendor Advisories
4Debian▶
CVE-2023-25173: containerd - containerd is an open source container runtime. A bug was found in containerd pr...↗2023