CVE-2020-15157

Priority
Description
If a container image manifest in the Image V2 Schema 2 format includes
a URL for the location of a specific image layer, ctr/containerd will
follow that URL to attempt to download it. In v1.2.x but not 1.3.x,
ctr/containerd will provide its authentication credentials if the
server where the URL is located presents an HTTP 401 status code
along with registry-specific HTTP headers.
.
If an attacker publishes a public image with a manifest that directs
one of the layers to be fetched from a web server they control and
they trick a user or system into pulling the image, they can obtain
the credentials used by ctr/containerd. In some cases, this may be
the user's username and password for the registry. In other cases,
this may be the credentials attached to the cloud virtual instance
which can grant access to other cloud resources in the account.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.6-0ubuntu1~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (v1.2 only)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (v1.2 only)
Ubuntu 20.10 (Groovy Gorilla):not-affected (v1.2 only)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (18.09.7-0ubuntu1~16.04.6)
Ubuntu 18.04 LTS (Bionic Beaver):released (19.03.6-0ubuntu1~18.04.2)
Ubuntu 20.04 LTS (Focal Fossa):released (19.03.8-0ubuntu1.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):released (19.03.13-0ubuntu3)
More Information

Updated: 2020-10-19 14:17:04 UTC (commit a79b9412cf9775c7fc533cadfc3858938297a7f9)