Main Vulnerability Database Exploits ID:9058 - Exploit for Improper Privilege Management in Runtime - CVE-2020-2023

ID:9058 - Exploit for Improper Privilege Management in Runtime - CVE-2020-2023

Published: May 9, 2023

Vulnerability identifier: #VU34359

Vulnerability risk: Low

CVE-ID: CVE-2020-2023

CWE-ID: CWE-269

Exploitation vector: Local access

Vulnerable software:
Runtime

Link to public exploit:

https://github.com/ssst0n3/kata-cve-2020-2023-poc

Vulnerability description

The vulnerability allows a local authenticated user to read and manipulate data.

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Remediation

Install update from vendor's website.

ID:9058 - Exploit for Improper Privilege Management in Runtime - CVE-2020-2023

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human