ALAS2NITRO-ENCLAVES-2022-015 --- containerdID: oval:org.secpod.oval:def:1700855 | Date: (C)2022-03-08 (M)2024-02-08 |
Class: PATCH | Family: unix |
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation