2023-04-04
Swarm encrypted overlay networks may not enforce their authentication guarantees in some situations.
Consult the upstream advisory for details, mitigations, workarounds, and patches.
Mirantis Container Runtime (MCR) <= 20.10.16 or <= 23.0.3
7.5 (High) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
CWE-420, CWE-636
Found by the MCR team, with assistance from the Moby community
- 2023-04-04: MCR 23.0.3 and 20.10.16 released, security advisories disclosed
- 2023-04-30: Timeline for disclosure finalized with partners
- 2023-04-23: Patches pass internal validation and test plan
- 2023-03-22: Patches code-complete and code-reviewed
- 2023-03-09: Upstream partners alerted
- 2023-03-08: Security issue identified by MCR team