CVE-2021-21334

Published: 10/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

In containerd (an industry-standard container runtime) prior to 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.

Vulnerable Product

linuxfoundation containerd

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file or widen access to others (CVE-2021-32760). A flaw was found in containerd CRI plugi ...
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are def ...
A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiality (CVE-2021-21334) ...
A flaw was found in containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiality (CVE-2021-21334) ...
A security issue was found in containerd before version 1.3.10 and 1.4.x before 1.4.4. Containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defin ...

Github Repositories

threatstackReport: A Python script to create daily reports from Threatstack

This script adds state and simple reporting to the threatstack API. It can be run on previous reports or in real time. First you would create an inventory:

root@foo:~# /threatstackpy --inventory
+----------------------------+-------+
| Option | Value |
+---------------------------