
CVE-2021-32760

Published: 19/07/2021 Updated: 31/01/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

containerd is a container runtime. A bug was found in containerd versions before 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.
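For fleet triage, the version boundaries in the summary above can be checked mechanically. The following Go program is an added example, not code from containerd or from this page: it reads a version string such as the output of `containerd --version` and reports whether it predates 1.4.8 or, on the 1.5 line, 1.5.4. It assumes release lines after 1.5 already carry the fix, and it ignores pre-release and distribution suffixes; the sample strings are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// First MAJOR.MINOR.PATCH triple in the input, with an optional leading "v".
var semverRe = regexp.MustCompile(`v?(\d+)\.(\d+)\.(\d+)`)

// parseVersion extracts the version triple from a string such as the
// output of `containerd --version`. Suffixes like "-0ubuntu1" are ignored.
func parseVersion(s string) ([3]int, bool) {
	var v [3]int
	m := semverRe.FindStringSubmatch(s)
	if m == nil {
		return v, false
	}
	for i := range v {
		v[i], _ = strconv.Atoi(m[i+1]) // regexp guarantees digits only
	}
	return v, true
}

// affected reports whether the version predates the fixed releases named
// in the summary: 1.4.8 for 1.4.x and older, 1.5.4 for the 1.5.x line.
// Assumption: lines after 1.5 were released with the fix included.
func affected(s string) (bool, error) {
	v, ok := parseVersion(s)
	if !ok {
		return false, fmt.Errorf("no version found in %q", s)
	}
	older := v[0] < 1 || (v[0] == 1 && (v[1] < 4 || (v[1] == 4 && v[2] < 8)))
	onFive := v[0] == 1 && v[1] == 5 && v[2] < 4
	return older || onFive, nil
}

func main() {
	// Constructed sample strings, not captured from real hosts.
	for _, s := range []string{
		"containerd github.com/containerd/containerd v1.4.6 0000000",
		"containerd github.com/containerd/containerd v1.5.4 0000000",
	} {
		a, err := affected(s)
		fmt.Printf("%-62s affected=%v err=%v\n", s, a, err)
	}
}
```

Distribution packages may backport the fix without changing the upstream version number, so a positive result should be confirmed against the vendor advisory for the installed package.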

Vulnerable Product

linuxfoundation containerd

fedoraproject fedora 34

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh for 2.4.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Moderate: Release of containers for OSP 16.2.z director operator tech preview. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. Description: Release osp-director-operator images. Security Fix(es): golang: kubernetes: YAML parsing v ...
A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file or widen access to others (CVE-2021-32760). A flaw was found in containerd CRI plugi ...
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen acc ...
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug ...
A bug was found in containerd version prior to 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, ...