| id: GO-2023-1574 |
| modules: |
| - module: github.com/containerd/containerd |
| versions: |
| - fixed: 1.5.18 |
| - introduced: 1.6.0 |
| - fixed: 1.6.18 |
| vulnerable_at: 1.6.17 |
| packages: |
| - package: github.com/containerd/containerd/oci |
| symbols: |
| - WithUser |
| - WithUIDGID |
| - WithUserID |
| - WithUsername |
| - WithAdditionalGIDs |
| - package: github.com/containerd/containerd/pkg/cri/server |
| symbols: |
| - criService.containerSpecOpts |
| derived_symbols: |
| - criService.CreateContainer |
| - instrumentedAlphaService.CreateContainer |
| - instrumentedService.CreateContainer |
| summary: |- |
| Privilege escalation via supplementary groups in |
| github.com/containerd/containerd |
| description: |- |
| Supplementary groups are not set up properly inside a container. If an attacker |
| has direct access to a container and manipulates their supplementary group |
| access, they may be able to use supplementary group access to bypass primary |
| group restrictions in some cases and potentially escalate privileges in the |
| container. Uses of the containerd client library may also have improperly setup |
| supplementary groups. |
| cves: |
| - CVE-2023-25173 |
| ghsas: |
| - GHSA-hmfx-3pcx-653p |
| related: |
| - GHSA-4wjj-jwc9-2x96 |
| - GHSA-fjm8-m7m6-2fjp |
| - GHSA-phjr-8j92-w5v7 |
| - GHSA-rc4r-wh2q-q6c4 |
| - CVE-2022-2989 |
| - CVE-2022-2990 |
| - CVE-2022-2995 |
| - CVE-2022-36109 |
| references: |
| - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p |
| - article: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ |
| - fix: https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a |
| - web: https://github.com/advisories/GHSA-4wjj-jwc9-2x96 |
| - web: https://github.com/advisories/GHSA-fjm8-m7m6-2fjp |
| - web: https://github.com/advisories/GHSA-phjr-8j92-w5v7 |
| - web: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 |
| review_status: REVIEWED |