ALAS2ECS-2023-024 --- containerdID: oval:org.secpod.oval:def:1701940 | Date: (C)2023-11-24 (M)2024-02-08 |
Class: PATCH | Family: unix |
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation