CVE-2020-15157 Overview
CVE-2020-15157 is a credential leaking vulnerability in containerd, an industry-standard container runtime. The vulnerability exists in versions prior to 1.2.14 and affects how the default containerd resolver handles foreign layers in container image manifests. When a container image manifest in OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (known as a "foreign layer"), the default containerd resolver follows that URL to download it. In vulnerable versions, the resolver provides authentication credentials if the server presents an HTTP 401 status code along with registry-specific HTTP headers.
Critical Impact
Attackers can steal registry credentials or cloud instance credentials by tricking users into pulling malicious container images, potentially granting access to other cloud resources in the account.
Affected Products
- Linux Foundation containerd (versions prior to 1.2.14, and 1.3.0 beta/rc versions)
- Canonical Ubuntu Linux 16.04 LTS, 18.04 LTS, 20.04 LTS
- Debian Linux 10.0
Discovery Timeline
- October 16, 2020 - CVE-2020-15157 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2020-15157
Vulnerability Analysis
This information disclosure vulnerability exploits the trust model in containerd's default resolver mechanism. The flaw occurs when processing container image manifests that reference external URLs for image layers. The containerd resolver incorrectly sends authentication credentials to arbitrary servers when those servers respond with HTTP 401 Unauthorized status codes accompanied by WWW-Authenticate headers matching registry patterns.
The vulnerability specifically impacts the cri-containerd plugin (used by Kubernetes), the ctr development tool, and other client programs explicitly linked against containerd's default resolver. Notably, Docker and other container runtimes built on containerd that do not use the default resolver are not affected.
Root Cause
The root cause is classified as CWE-522: Insufficiently Protected Credentials. The containerd default resolver fails to properly validate the destination server before transmitting authentication credentials. When following foreign layer URLs, the resolver does not differentiate between the original trusted registry and arbitrary third-party servers, sending credentials to any server that presents the appropriate HTTP authentication challenge headers.
Attack Vector
The attack requires network access and user interaction. An attacker must:
- Create a malicious container image with a manifest containing a foreign layer URL pointing to an attacker-controlled server
- Publish this image to a public registry or convince a target to pull from a controlled source
- Configure their server to respond with HTTP 401 status and registry-specific WWW-Authenticate headers
- Wait for a victim to pull the image using a vulnerable containerd installation
When the victim pulls the image, containerd's default resolver attempts to fetch the foreign layer and automatically sends the victim's registry credentials to the attacker's server. These credentials could be registry username/password combinations or cloud instance metadata credentials that grant access to additional cloud resources.
Detection Methods for CVE-2020-15157
Indicators of Compromise
- Unexpected outbound HTTP requests from containerd processes to unfamiliar external hosts during image pull operations
- Network traffic containing authentication headers being sent to non-registry endpoints
- Container image manifests referencing external URLs outside of expected registry domains
- Log entries showing foreign layer fetch attempts to suspicious or unknown servers
Detection Strategies
- Monitor containerd and cri-containerd processes for outbound connections to unexpected destinations during image pulls
- Implement network segmentation and egress filtering to restrict containerd's ability to contact arbitrary external hosts
- Review image manifests for foreign layer references before pulling from untrusted sources
- Enable verbose logging in containerd to capture all external URL fetch attempts
Monitoring Recommendations
- Configure network monitoring to alert on containerd processes making connections to non-whitelisted registry endpoints
- Implement container image scanning to detect manifests with external foreign layer URLs before deployment
- Monitor cloud instance metadata access patterns for unusual credential retrievals following container operations
- Establish baseline network behavior for container runtime processes and alert on deviations
How to Mitigate CVE-2020-15157
Immediate Actions Required
- Upgrade containerd to version 1.2.14 or later immediately for systems running the 1.2.x series
- Systems running containerd 1.3.0 (stable release) or later are not affected and require no action
- Restrict image pulls to trusted registries only until patching is complete
- Review recent image pull activity for signs of credential exfiltration
Patch Information
The vulnerability has been fixed in containerd version 1.2.14. Organizations should update their containerd installations through their package manager or by downloading the patched version directly from the GitHub Containerd Release v1.2.14.
Additional security advisories and patches are available:
- GitHub Security Advisory GHSA-742w-89gc-8m9c
- Ubuntu Security Notice USN-4589-1
- Ubuntu Security Notice USN-4589-2
- Debian Security Advisory DSA-4865
Workarounds
- Only pull container images from trusted and verified sources until patches can be applied
- Implement network policies to prevent containerd from making connections to arbitrary external hosts
- Use container runtimes that do not rely on the default containerd resolver (such as Docker) as an interim measure
- Consider blocking foreign layer URL following at the network level by restricting outbound connections from container runtime processes
# Check containerd version
containerd --version
# Update containerd on Ubuntu/Debian
sudo apt-get update
sudo apt-get install containerd
# Verify updated version is 1.2.14 or later
containerd --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
