CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15257 – containerd-shim API Exposed to Host Network Containers
https://notcve.org/view.php?id=CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. • https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad https://github.com/containerd/containerd/releases/tag/v1.4.3 https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD https://security.gentoo.org/glsa/202105-33 https://www.debian.org/security/2021/dsa-4865 https://access.redhat.com/security/cve/CVE-2020-15257 https://bugzilla.redh • CWE-269: Improper Privilege Management CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26892
https://notcve.org/view.php?id=CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. La biblioteca JWT en NATS nats-server versiones anteriores a 2.1.9, presenta un Control de Acceso Incorrecto debido a cómo son manejaban las credenciales expiradas • https://github.com/nats-io/nats-server/commits/master https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI https://www.openwall.com/lists/oss-security/2020/11/02/2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26521
https://notcve.org/view.php?id=CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). La biblioteca JWT en NATS nats-server versiones anteriores a 2.1.9, permite una denegación de servicio (una desreferencia nil en el código Go) • http://www.openwall.com/lists/oss-security/2020/11/02/2 https://github.com/nats-io/nats-server/commits/master https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15157 – containerd can be coerced into leaking credentials during image pull
https://notcve.org/view.php?id=CVE-2020-15157
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. • https://github.com/containerd/containerd/releases/tag/v1.2.14 https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c https://usn.ubuntu.com/4589-1 https://usn.ubuntu.com/4589-2 https://www.debian.org/security/2021/dsa-4865 https://access.redhat.com/security/cve/CVE-2020-15157 https://bugzilla.redhat.com/show_bug.cgi?id=1888248 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26149
https://notcve.org/view.php?id=CVE-2020-26149
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. NATS nats.js versiones anteriores a 2.0.0-209, nats.ws versiones anteriores a 1.0.0-111 y nats.deno versiones anteriores a 1.0.0-9, permiten una divulgación de credenciales de un cliente hacia un servidor • http://www.openwall.com/lists/oss-security/2020/09/30/3 https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9 https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7 • CWE-522: Insufficiently Protected Credentials •