One Article Review
| Source |  Vuln GCP |
|---|---|
| Identifiant | 8296089 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-013 |
| Texte | Published: 2022-04-11 Updated: 2022-04-22Description Description Severity Notes A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin Medium CVE-2022-23648 |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 013 2022 22description 23648 access and anthos any arbitrary aws azure bare based been bulletin bulletins: bypass clusters configuration container containerd containers could crafted cri cve description details directories discovered enforcement files following for full gain gcp gke handling has host image implementation including instructions kubernetes launched may medium metal more notes oci path pod policy published: read security see setup severity specially specification the this through traversal updated: vmware volume vulnerability with |
| Tags | Vulnerability |
| Stories | Uber |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.