Skip to content

Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Low severity GitHub Reviewed Published Jul 9, 2025 in edgelesssys/contrast • Updated Jul 9, 2025

Package

gomod github.com/edgelesssys/contrast (Go)

Affected versions

< 1.9.1

Patched versions

1.9.1

Description

Background

The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by Kubernetes. However, containered implements the specified conversion logic and adds a mount point if there is none set by Kubernetes.

Unfortunately, the specification leaves it open whether the mount point is populated with any and what data, so the runtime needs to be able to push arbitrary data to the Kata agent. However, this is almost always not what the user wants:

  1. A declared VOLUME location is usually important to the app's core functionality, which is usually at odds with the data in that location being untrusted.
  2. VOLUME declarations are often used by image vendors to indicate "mount your persistence here" to the user. They are rarely useful without a real volume mounted there.

Impact

All of the following need to be true to be affected by this vulnerability:

  1. A bare metal Contrast deployment (AKS is not affected).
  2. An image with at least one VOLUME directive.
  3. No Kubernetes mount at the path of the VOLUME.

If these are all true, the host is able to write arbitrary trees below that mount point.

Patches

Patched in v1.9.1 by disallowing this configuration in contrast generate.

Workarounds

Explicitly mount an emptyDir to all VOLUME locations. If the initial data in these locations is needed by the application, the image needs to be modified to remove the config.volumes entries.

References

@burgerdev burgerdev published to edgelesssys/contrast Jul 9, 2025
Published to the GitHub Advisory Database Jul 9, 2025
Reviewed Jul 9, 2025
Last updated Jul 9, 2025

Severity

Low

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Adjacent
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS score

Weaknesses

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be. Learn more on MITRE.

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-phhq-63jg-fp7r

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.