Vulnerability Report: GO-2023-1574
- CVE-2023-25173, GHSA-hmfx-3pcx-653p
- Affects: github.com/containerd/containerd
- Published: Feb 17, 2023
- Modified: Aug 21, 2024
Supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use that access to bypass primary group restrictions in some cases and potentially escalate privileges in the container. Users of the containerd client library may also have improperly set up supplementary groups.
For detailed information about this vulnerability, visit https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p.
Affected Packages
- Go Versions: before v1.5.18, from v1.6.0 before v1.6.18
  Symbols: 5 affected symbols
- Go Versions: before v1.5.18, from v1.6.0 before v1.6.18
  Symbols: 4 unexported affected symbols
  - criService.CreateContainer
  - criService.containerSpecOpts
  - instrumentedAlphaService.CreateContainer
  - instrumentedService.CreateContainer
References
- https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
- https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
- https://github.com/advisories/GHSA-4wjj-jwc9-2x96
- https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
- https://github.com/advisories/GHSA-phjr-8j92-w5v7
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
- https://vuln.go.dev/ID/GO-2023-1574.json