Vulnerability Database

323,116

Total vulnerabilities in the database

CVE-2020-2023

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Published: Jun 10, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-2023
GHSA: GHSA-6978-vg2j-cc9q
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
katacontainers / runtime	1.10	1.10.5
katacontainers / runtime	1.11	1.11.1
katacontainers / runtime	-	1.9.x
github.com/kata-containers/agent	-	1.9.1
github.com/kata-containers/agent	1.10.0	1.10.5
github.com/kata-containers/agent	1.11.0	1.11.1
github.com/kata-containers/runtime	-	1.9.1
github.com/kata-containers/runtime	1.10.0	1.10.5
github.com/kata-containers/runtime	1.11.0	1.11.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo