CVE-2020-15157

Public on 2020-10-16

Modified on 2021-12-28

Description

A flaw was found in containerd. Credentials may be leaked during an image pull.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	containerd	2021-12-28 23:54	ALAS-2021-1555
Amazon Linux 2 - Docker Extra	containerd	2021-10-19 20:50	ALAS2DOCKER-2021-013
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	containerd	2021-10-19 20:50	ALAS2NITRO-ENCLAVES-2021-013

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
NVD	CVSSv2	2.6	AV:N/AC:H/Au:N/C:P/I:N/A:N
NVD	CVSSv3	6.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

References

Red Hat: CVE-2020-15157 Mitre: CVE-2020-15157 FAQs regarding Amazon Linux ALAS/CVE Severity