[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-25173":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":33,"downstream":34,"duplicates":63,"related":64,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":97,"kevs":189,"epss":190,"epss_history":193,"metrics":464,"affected":479},"CVE-2023-25173","containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.","weakness","Incomplete","Class","High",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_8C2F9CC1C4D896E2","Exploit Reference (benthamsgaze.org)","reference","https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/","unknown",0.2,false,[],[31,32],"GHSA-hmfx-3pcx-653p","GO-2023-1574",[],[35,37,39,41,43,45,47,49,51,53,55,57,59,61],{"_key":36},"SUSE-SU-2023:1827-1",{"_key":38},"SUSE-SU-2023:1826-1",{"_key":40},"SUSE-SU-2023:4124-1",{"_key":42},"UBUNTU-CVE-2023-25173",{"_key":44},"OPENSUSE-SU-2024:12822-1",{"_key":46},"OPENSUSE-SU-2024:13295-1",{"_key":48},"OPENSUSE-SU-2025:15779-1",{"_key":50},"MGASA-2023-0245",{"_key":52},"DEBIAN-CVE-2023-25173",{"_key":54},"USN-6202-1",{"_key":56},"RHSA-2023:3450",{"_key":58},"RHSA-2023:6473",{"_key":60},"RHSA-2023:6474",{"_key":62},"RHSA-2023:6939",[],[65,66,67,68,69,70,71,72,74,76,78,80,82,84],{"_key":36},{"_key":38},{"_key":40},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":73},"CGA-V6R2-VVPQ-C9CV",{"_key":75},"CGA-W942-3489-9M4X",{"_key":77},"CVE-2022-2990",{"_key":79},"CVE-2022-2989",{"_key":81},"CVE-2022-2995",{"_key":83},"CVE-2022-36109",{"_key":85},"CGA-R63J-98WH-Q2GC","2023-02-16T14:09:12.073Z","2025-03-10T21:10:38.648Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":90,"epss_score":91,"severity":92,"severity_score":93,"severity_version":94,"severity_source":95,"severity_vector":96,"severity_status":88},"low",0.00023,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[98,109,115,121,125,129,133,138,142,148,152,156,160,164,169,173,177,181,185],{"url":99,"sources":100,"tags":103},"https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",[101,95,102],"cve.org","osv_go",[104,105,106,107,108],"X Refsource CONFIRM","Mitigation","Vendor Advisory","WEB","Advisory",{"url":110,"sources":111,"tags":112},"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4",[101,95,102],[113,114,107],"X Refsource MISC","Not Applicable",{"url":116,"sources":117,"tags":118},"https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",[101,95,102],[113,119,107,120],"Patch","FIX",{"url":122,"sources":123,"tags":124},"https://github.com/advisories/GHSA-4wjj-jwc9-2x96",[101,95,102],[113,114,108,107],{"url":126,"sources":127,"tags":128},"https://github.com/advisories/GHSA-fjm8-m7m6-2fjp",[101,95,102],[113,114,108,107],{"url":130,"sources":131,"tags":132},"https://github.com/advisories/GHSA-phjr-8j92-w5v7",[101,95,102],[113,114,108,107],{"url":134,"sources":135,"tags":136},"https://github.com/containerd/containerd/releases/tag/v1.5.18",[101,95,102],[113,137,107],"Release Notes",{"url":139,"sources":140,"tags":141},"https://github.com/containerd/containerd/releases/tag/v1.6.18",[101,95,102],[113,137,107],{"url":25,"sources":143,"tags":144},[101,95,102],[113,145,146,147],"Exploit","Third Party Advisory","ARTICLE",{"url":149,"sources":150,"tags":151},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",[101,95],[],{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",[101,95],[],{"url":157,"sources":158,"tags":159},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",[101,95],[],{"url":161,"sources":162,"tags":163},"https://nvd.nist.gov/vuln/detail/CVE-2023-25173",[102],[108],{"url":165,"sources":166,"tags":167},"https://github.com/containerd/containerd",[102],[168],"PACKAGE",{"url":170,"sources":171,"tags":172},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC",[102],[107],{"url":174,"sources":175,"tags":176},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE",[102],[107],{"url":178,"sources":179,"tags":180},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI",[102],[107],{"url":182,"sources":183,"tags":184},"https://pkg.go.dev/vuln/GO-2023-1574",[102],[107],{"url":186,"sources":187,"tags":188},"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation",[102],[107],[],{"date":191,"score":91,"percentile":192},"2026-06-04",0.06665,[194,198,201,204,207,210,213,216,219,222,225,228,231,234,237,241,244,247,250,253,256,258,261,264,267,270,273,276,279,282,285,288,292,295,298,300,303,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,406,409,413,416,419,422,425,428,431,434,437,440,443,446,449,452,455,458,461],{"date":195,"score":196,"percentile":197},"2025-11-04",0.00022,0.04556,{"date":199,"score":196,"percentile":200},"2025-11-05",0.04564,{"date":202,"score":196,"percentile":203},"2025-11-06",0.04678,{"date":205,"score":196,"percentile":206},"2025-11-07",0.04691,{"date":208,"score":196,"percentile":209},"2025-11-08",0.04685,{"date":211,"score":196,"percentile":212},"2025-11-09",0.04688,{"date":214,"score":196,"percentile":215},"2025-11-10",0.04673,{"date":217,"score":196,"percentile":218},"2025-11-11",0.04708,{"date":220,"score":196,"percentile":221},"2025-11-12",0.04728,{"date":223,"score":196,"percentile":224},"2025-11-13",0.0476,{"date":226,"score":196,"percentile":227},"2025-11-14",0.04789,{"date":229,"score":196,"percentile":230},"2025-11-15",0.04829,{"date":232,"score":196,"percentile":233},"2025-11-16",0.04844,{"date":235,"score":196,"percentile":236},"2025-11-17",0.04833,{"date":238,"score":239,"percentile":240},"2025-11-18",0.00093,0.22494,{"date":242,"score":239,"percentile":243},"2025-11-19",0.22506,{"date":245,"score":239,"percentile":246},"2025-11-20",0.22514,{"date":248,"score":196,"percentile":249},"2025-11-21",0.04863,{"date":251,"score":196,"percentile":252},"2025-11-22",0.04874,{"date":254,"score":196,"percentile":255},"2025-11-23",0.04866,{"date":257,"score":196,"percentile":233},"2025-11-24",{"date":259,"score":196,"percentile":260},"2025-11-25",0.04856,{"date":262,"score":196,"percentile":263},"2025-11-26",0.04891,{"date":265,"score":196,"percentile":266},"2025-11-27",0.0491,{"date":268,"score":196,"percentile":269},"2025-11-28",0.04897,{"date":271,"score":196,"percentile":272},"2025-11-29",0.04953,{"date":274,"score":196,"percentile":275},"2025-11-30",0.04949,{"date":277,"score":196,"percentile":278},"2025-12-01",0.05043,{"date":280,"score":196,"percentile":281},"2025-12-02",0.05058,{"date":283,"score":196,"percentile":284},"2025-12-03",0.05084,{"date":286,"score":196,"percentile":287},"2025-12-04",0.05031,{"date":289,"score":290,"percentile":291},"2025-12-05",0.00021,0.0462,{"date":293,"score":290,"percentile":294},"2025-12-06",0.04634,{"date":296,"score":290,"percentile":297},"2025-12-07",0.04635,{"date":299,"score":290,"percentile":294},"2025-12-08",{"date":301,"score":290,"percentile":302},"2025-12-09",0.04683,{"date":304,"score":290,"percentile":221},"2025-12-10",{"date":306,"score":290,"percentile":307},"2025-12-11",0.04721,{"date":309,"score":290,"percentile":310},"2025-12-12",0.04737,{"date":312,"score":196,"percentile":313},"2025-12-13",0.05174,{"date":315,"score":196,"percentile":316},"2025-12-14",0.05169,{"date":318,"score":196,"percentile":319},"2025-12-15",0.05137,{"date":321,"score":196,"percentile":322},"2025-12-16",0.05135,{"date":324,"score":196,"percentile":325},"2025-12-17",0.05197,{"date":327,"score":196,"percentile":328},"2025-12-18",0.05238,{"date":330,"score":196,"percentile":331},"2025-12-19",0.05214,{"date":333,"score":196,"percentile":334},"2025-12-20",0.05216,{"date":336,"score":196,"percentile":337},"2025-12-21",0.0522,{"date":339,"score":196,"percentile":340},"2025-12-22",0.05163,{"date":342,"score":196,"percentile":343},"2025-12-23",0.0517,{"date":345,"score":196,"percentile":346},"2025-12-24",0.05191,{"date":348,"score":196,"percentile":349},"2025-12-25",0.05226,{"date":351,"score":196,"percentile":352},"2025-12-26",0.05229,{"date":354,"score":196,"percentile":355},"2025-12-27",0.05234,{"date":357,"score":196,"percentile":358},"2025-12-28",0.05219,{"date":360,"score":196,"percentile":361},"2025-12-29",0.05212,{"date":363,"score":196,"percentile":364},"2025-12-30",0.05173,{"date":366,"score":196,"percentile":367},"2025-12-31",0.05204,{"date":369,"score":196,"percentile":370},"2026-01-01",0.05275,{"date":372,"score":196,"percentile":373},"2026-01-02",0.05269,{"date":375,"score":196,"percentile":376},"2026-01-03",0.05251,{"date":378,"score":196,"percentile":379},"2026-01-04",0.05153,{"date":381,"score":196,"percentile":382},"2026-01-05",0.05096,{"date":384,"score":196,"percentile":385},"2026-01-06",0.05092,{"date":387,"score":196,"percentile":388},"2026-01-07",0.05113,{"date":390,"score":196,"percentile":391},"2026-01-08",0.0516,{"date":393,"score":196,"percentile":394},"2026-01-09",0.05156,{"date":396,"score":196,"percentile":397},"2026-01-10",0.05161,{"date":399,"score":196,"percentile":400},"2026-01-11",0.05147,{"date":402,"score":196,"percentile":403},"2026-01-12",0.05149,{"date":405,"score":196,"percentile":319},"2026-01-13",{"date":407,"score":196,"percentile":408},"2026-01-14",0.05185,{"date":410,"score":411,"percentile":412},"2026-01-15",0.00024,0.05796,{"date":414,"score":411,"percentile":415},"2026-01-16",0.058,{"date":417,"score":411,"percentile":418},"2026-01-17",0.05812,{"date":420,"score":411,"percentile":421},"2026-01-18",0.05801,{"date":423,"score":411,"percentile":424},"2026-01-19",0.05775,{"date":426,"score":411,"percentile":427},"2026-01-20",0.05731,{"date":429,"score":411,"percentile":430},"2026-01-21",0.05734,{"date":432,"score":411,"percentile":433},"2026-01-22",0.05717,{"date":435,"score":411,"percentile":436},"2026-01-23",0.05777,{"date":438,"score":411,"percentile":439},"2026-01-24",0.05823,{"date":441,"score":411,"percentile":442},"2026-01-25",0.05771,{"date":444,"score":411,"percentile":445},"2026-01-26",0.05754,{"date":447,"score":411,"percentile":448},"2026-01-27",0.05733,{"date":450,"score":411,"percentile":451},"2026-01-28",0.05715,{"date":453,"score":411,"percentile":454},"2026-01-29",0.05729,{"date":456,"score":411,"percentile":457},"2026-01-30",0.05728,{"date":459,"score":411,"percentile":460},"2026-01-31",0.05706,{"date":462,"score":411,"percentile":463},"2026-02-01",0.05773,[465,472,476],{"source":101,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":466,"cvss_v4_0":9},{"baseScore":467,"baseSeverity":468,"vectorString":469,"impactScore":470,"exploitabilityScore":471},5.3,"MEDIUM","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",5.7,4.6,{"source":95,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":473,"cvss_v4_0":9},{"baseScore":93,"baseSeverity":474,"vectorString":96,"impactScore":475,"exploitabilityScore":471},"HIGH",9.8,{"source":102,"cvss_v2_0":9,"cvss_v3_0":477,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":467,"baseSeverity":9,"vectorString":478,"impactScore":470,"exploitabilityScore":471},"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",[480,494,505],{"ecosystem":9,"name":481,"vendor":481,"product":481,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"containerd","a",[484,489],{"version":485,"is_range":486,"range_type":101,"version_start":9,"version_start_type":9,"version_end":487,"version_end_type":488,"fixed_in":9},"\u003C 1.5.18",true,"1.5.18","excluding",{"version":490,"is_range":486,"range_type":101,"version_start":491,"version_start_type":492,"version_end":493,"version_end_type":488,"fixed_in":9},">= 1.6.0, \u003C 1.6.18","1.6.0","including","1.6.18",{"ecosystem":495,"name":496,"vendor":497,"product":481,"cpe_part":9,"purl_type":498,"purl_namespace":497,"purl_name":481,"source":9,"versions":499},"Go","github.com/containerd/containerd","github.com/containerd","golang",[500,503],{"version":501,"is_range":486,"range_type":502,"version_start":9,"version_start_type":9,"version_end":487,"version_end_type":488,"fixed_in":9},"lt1_5_18","semver",{"version":504,"is_range":486,"range_type":502,"version_start":491,"version_start_type":492,"version_end":493,"version_end_type":488,"fixed_in":9},"gte1_6_0_lt1_6_18",{"ecosystem":9,"name":481,"vendor":506,"product":481,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"linuxfoundation",[508,511],{"version":509,"is_range":486,"range_type":510,"version_start":9,"version_start_type":9,"version_end":487,"version_end_type":488,"fixed_in":9},"lt1.5.18","cpe",{"version":512,"is_range":486,"range_type":510,"version_start":491,"version_start_type":492,"version_end":493,"version_end_type":488,"fixed_in":9},"gte1.6.0_lt1.6.18"]