Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2021-21284

Published: 02/02/2021 Updated: 29/04/2022
CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1
CVSS v3 Base Score: 6.8 | Impact Score: 4 | Exploitability Score: 2.3
VMScore: 242
Vector: AV:A/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Docker

Vulnerability Summary

In Docker prior to 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

docker docker

debian debian linux 10.0

netapp e-series santricity os controller

Vendor Advisories

Debian Security Advisories: DSA-4865-1 docker.io -- security update
Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation For the stable distribution (buster), these problems have been fixed in version 18091+dfsg1-71+deb10u3 We recommend that you upgrade your dockerio packages For the detailed securi ...
Amazon Linux AMI: ALAS-2021-1550
A flaw was found in the `userns-remap` feature of Docker The root user in the remapped namespace can modify files under /var/lib/docker/&lt;remapping&gt;, leading to possible privilege escalation to the root user in the host The highest threat from this vulnerability is to data integrity (CVE-2021-21284) A flaw was found in Docker Pulling an in ...
Amazon Linux 2: ALASECS-2023-015
A flaw was found in the `userns-remap` feature of Docker The root user in the remapped namespace can modify files under /var/lib/docker/&lt;remapping&gt;, leading to possible privilege escalation to the root user in the host The highest threat from this vulnerability is to data integrity (CVE-2021-21284) A flaw was found in Docker Pulling an in ...
Amazon Linux 2: ALAS2NITRO-ENCLAVES-2021-001
A flaw was found in the `userns-remap` feature of Docker The root user in the remapped namespace can modify files under /var/lib/docker/&lt;remapping&gt;, leading to possible privilege escalation to the root user in the host The highest threat from this vulnerability is to data integrity (CVE-2021-21284) A flaw was found in Docker Pulling an in ...
Amazon Linux 2: ALAS2DOCKER-2021-001
A flaw was found in the `userns-remap` feature of Docker The root user in the remapped namespace can modify files under /var/lib/docker/&lt;remapping&gt;, leading to possible privilege escalation to the root user in the host The highest threat from this vulnerability is to data integrity (CVE-2021-21284) A flaw was found in Docker Pulling an in ...
Arch Linux Issues:
In Docker before versions 90315, 20103 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/&lt;remapping&gt;" t ...

References

CWE-22CWE-22https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7chttps://docs.docker.com/engine/release-notes/#20103https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpchttps://github.com/moby/moby/releases/tag/v19.03.15https://github.com/moby/moby/releases/tag/v20.10.3https://security.netapp.com/advisory/ntap-20210226-0005/https://www.debian.org/security/2021/dsa-4865https://security.gentoo.org/glsa/202107-23https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4865
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook