{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T18:46:11.026","vulnerabilities":[{"cve":{"id":"CVE-2020-28914","sourceIdentifier":"cve@mitre.org","published":"2020-11-17T22:15:12.387","lastModified":"2024-11-21T05:23:16.987","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only."},{"lang":"es","value":"Una vulnerabilidad de permisos de archivo inapropiados afecta a Kata Containers versiones anteriores a 1.11.5. Cuando se usa un volumen hostPath de Kubernetes y se monta un archivo o directorio en un contenedor como de solo lectura, el file/directory es montado como readOnly dentro del contenedor, pero aún puede ser escribible dentro del invitado. Para una situación de fuga de contenedor, un invitado malicioso puede modificar o eliminar files/directories que se espera sean de solo lectura"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:P","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:katacontainers:kata-containers:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.5","matchCriteriaId":"F0AA3993-8AEF-41CB-B05A-CCB3166028B7"}]}]}],"references":[{"url":"https://github.com/kata-containers/kata-containers/pull/1062","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/pull/3042","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/pull/3051","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/releases/tag/1.11.5","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/releases/tag/1.12.0","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/kata-containers/kata-containers/pull/1062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/pull/3042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/pull/3051","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/releases/tag/1.11.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/kata-containers/runtime/releases/tag/1.12.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}