💻
💻
💻
💻
cheat-sheets
Search…
Application Security Cheat Sheet
Android Application
Overview
Intent Vulnerabilities
WebView Vulnerabilities
Cloud
AWS
Container
Overview
Escaping
CVE List
Exposed Docker Socket
Excessive Capabilities
Host Networking Driver
Sensitive Mounts
Container Analysis Tools
Framework
Spring
React
Linux
Overview
Bash Tips
iOS Application
Overview
Getting Started
Resources
Lists
Researching
Software
Training
Web Application
Abusing HTTP hop-by-hop Request Headers
Broken Authentication
Command Injection
Content Security Policy
Cookie Security
CORS Misconfiguration
File Upload Vulnerabilities
GraphQL Vulnerabilities
HTML Injection
HTTP Header Security
HTTP Request Smuggling
Improper Rate Limits
JavaScript Prototype Pollution
JSON Web Token Vulnerabilities
OAuth 2.0 Vulnerabilities
Race Condition
Server Side Request Forgery
Web Cache Poisoning
Powered By GitBook
CVE List

Containerd

CVE
Title
Affected versions
References
​CVE-2022-23648​
Containers that launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host
<= 1.4.12
1.5.0 - 1.5.9
1.6.0
​CVE-2021-41103​
Insufficiently restricted permissions on container root and plugin directories
<1.4.11
<1.5.7
​CVE-2021-32760​
Archive package allows chmod of file outside of unpack target directory
<=1.4.7
<=1.5.3
​CVE-2021-21334​
containerd CRI plugin: environment variables can leak between containers
<=1.3.9
<= 1.4.3
​CVE-2020-15257​
containerd-shim API Exposed to Host Network Containers
<=1.3.7
1.4.0
1.4.1
​CVE-2020-15157​
containerd v1.2.x can be coerced into leaking credentials during image pull
< 1.3.0

CRI-O

CVE
Title
Affected versions
References
​CVE-2022-0811​
Rights to deploy a pod on a Kubernetes cluster leads to abusing the kernel.core_pattern parameter
>1.19.0

Linux kernel

CVE
Title
Required capabilities
References
​CVE-2022-25636​
An out-of-bounds memory access leads to privilege escalation
CAP_NET_ADMIN
​CVE-2022-0492​
Missing verification allows setting the release_agent file for the process without administrative privileges
CAP_SYS_ADMIN
Disabled AppArmor/SELinux
Disabled Seccomp
​CVE-2022-0185​
A heap-based buffer overflow flaw in the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel
CAP_SYS_ADMIN
or unshare(CLONE_NEWNS|CLONE_NEWUSER)​
​CVE-2021-22555​
A heap out-of-bounds write in Linux Netfilter
CAP_NET_ADMIN
​CVE-2021-31440​
The flaw in handling of eBPF programs leads to escalate privileges
CAP_SYS_MODULE
​CVE-2020-8835​
The bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory
CAP_SYS_ADMIN
​CVE-2017-7308​
The packet_set_ring function in net/packet/af_packet.c does not properly validate certain block-size data, which allows local users to gain privileges via crafted system calls.
CAP_NET_RAW

RunC

CVE
Title
Affected versions
References
​CVE-2021-30465​
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
<=1.0.0-rc94
​CVE-2019-19921​
procfs race condition with a shared volume mount
<1.0.0-rc10
​CVE-2019-5736​
Overwrite host runc binary due to file-descriptor mishandling
<=1.0-rc6

References

Container - Previous
Escaping
Next
Exposed Docker Socket
Last modified 1mo ago
Copy link
Outline
Containerd
CRI-O
Linux kernel
RunC
References