blob: edb27f37fc9d28494b3d9b9d549320b1dcd732f2 [file] [log] [blame]
id: GO-2023-1574
modules:
- module: github.com/containerd/containerd
versions:
- fixed: 1.5.18
- introduced: 1.6.0
- fixed: 1.6.18
vulnerable_at: 1.6.17
packages:
- package: github.com/containerd/containerd/oci
symbols:
- WithUser
- WithUIDGID
- WithUserID
- WithUsername
- WithAdditionalGIDs
- package: github.com/containerd/containerd/pkg/cri/server
symbols:
- criService.containerSpecOpts
derived_symbols:
- criService.CreateContainer
- instrumentedAlphaService.CreateContainer
- instrumentedService.CreateContainer
summary: |-
Privilege escalation via supplementary groups in
github.com/containerd/containerd
description: |-
Supplementary groups are not set up properly inside a container. If an attacker
has direct access to a container and manipulates their supplementary group
access, they may be able to use supplementary group access to bypass primary
group restrictions in some cases and potentially escalate privileges in the
container. Uses of the containerd client library may also have improperly setup
supplementary groups.
cves:
- CVE-2023-25173
ghsas:
- GHSA-hmfx-3pcx-653p
related:
- GHSA-4wjj-jwc9-2x96
- GHSA-fjm8-m7m6-2fjp
- GHSA-phjr-8j92-w5v7
- GHSA-rc4r-wh2q-q6c4
- CVE-2022-2989
- CVE-2022-2990
- CVE-2022-2995
- CVE-2022-36109
references:
- advisory: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
- article: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
- fix: https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- web: https://github.com/advisories/GHSA-4wjj-jwc9-2x96
- web: https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
- web: https://github.com/advisories/GHSA-phjr-8j92-w5v7
- web: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
review_status: REVIEWED