gsd-2021-41103
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2021-41103",
    "description": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.",
    "id": "GSD-2021-41103",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-41103.html",
      "https://www.debian.org/security/2021/dsa-5002",
      "https://ubuntu.com/security/CVE-2021-41103",
      "https://advisories.mageia.org/CVE-2021-41103.html",
      "https://security.archlinux.org/CVE-2021-41103",
      "https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html",
      "https://access.redhat.com/errata/RHSA-2022:5673",
      "https://access.redhat.com/errata/RHSA-2022:6517"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-41103"
      ],
      "details": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.",
      "id": "GSD-2021-41103",
      "modified": "2023-12-13T01:23:27.587394Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-41103",
        "STATE": "PUBLIC",
        "TITLE": "Insufficiently restricted permissions on plugin directories"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "containerd",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.4.11"
                        },
                        {
                          "version_value": "\u003e= 1.5.0, \u003c 1.5.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "containerd"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq",
            "refsource": "CONFIRM",
            "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"
          },
          {
            "name": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8",
            "refsource": "MISC",
            "url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"
          },
          {
            "name": "FEDORA-2021-df975338d4",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
          },
          {
            "name": "FEDORA-2021-b5a9a481a2",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
          },
          {
            "name": "DSA-5002",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-5002"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
          },
          {
            "name": "GLSA-202401-31",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202401-31"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-c2h3-6mxw-7mvq",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv1.4.11 || \u003e=v1.5.0 \u003cv1.5.7",
          "affected_versions": "All versions before 1.4.11, all versions starting from 1.5.0 before 1.5.7",
          "cvss_v2": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-06-16",
          "description": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.",
          "fixed_versions": [
            "v1.4.11",
            "v1.5.7"
          ],
          "identifier": "CVE-2021-41103",
          "identifiers": [
            "CVE-2021-41103",
            "GHSA-c2h3-6mxw-7mvq"
          ],
          "not_impacted": "All versions starting from 1.4.11 before 1.5.0, all versions starting from 1.5.7",
          "package_slug": "go/github.com/containerd/containerd",
          "pubdate": "2021-10-04",
          "solution": "Upgrade to versions 1.4.11, 1.5.7 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-41103"
          ],
          "uuid": "f17ae5b1-f158-4531-b211-583ea8cede45",
          "versions": [
            {
              "commit": {
                "sha": "4c2107f07301c38ee4c144c2ef56ed7a9e2711cc",
                "tags": [
                  "v1.5.0"
                ],
                "timestamp": "20210503205236"
              },
              "number": "v1.5.0"
            },
            {
              "commit": {
                "sha": "c1a53f2698c6eef3b2f9a22c89d14b54d126cce5",
                "tags": [
                  "v1.4.11"
                ],
                "timestamp": "20211004152447"
              },
              "number": "v1.4.11"
            },
            {
              "commit": {
                "sha": "997b1f9905746cccc997ab5c697f838e5be519ba",
                "tags": [
                  "v1.5.7"
                ],
                "timestamp": "20211004152447"
              },
              "number": "v1.5.7"
            }
          ]
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8471080E-7A72-48EE-817A-C3FCEDB777E1",
                    "versionEndExcluding": "1.4.11",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "227778FB-454E-4747-872D-D9D011F9DEDE",
                    "versionEndExcluding": "1.5.7",
                    "versionStartIncluding": "1.5.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories."
          },
          {
            "lang": "es",
            "value": "containerd es un tiempo de ejecuci\u00f3n de contenedores de c\u00f3digo abierto con \u00e9nfasis en la simplicidad, robustez y portabilidad. Se encontr\u00f3 un bug en containerd en el que los directorios root de los contenedores y algunos plugins ten\u00edan permisos insuficientemente restringidos, que permit\u00eda a usuarios de Linux sin privilegios un salto de directorio de contenidos y ejecutar programas. Cuando los contenedores inclu\u00edan programas ejecutables con bits de permiso extendidos (como setuid), los usuarios no privilegiados de Linux pod\u00edan detectar y ejecutar esos programas. Cuando el UID de un usuario de Linux sin privilegios en el host colisionaba con el propietario o el grupo del archivo dentro de un contenedor, el usuario de Linux sin privilegios en el host pod\u00eda detectar, leer y modificar esos archivos. Esta vulnerabilidad ha sido corregida en containerd versi\u00f3n 1.4.11 y containerd versi\u00f3n 1.5.7. Los usuarios deben actualizar a estas versiones cuando se publiquen y pueden reiniciar los contenedores o actualizar los permisos de directorio para mitigar la vulnerabilidad. Los usuarios que no puedan actualizar deber\u00edan limitar el acceso al host a usuarios confiables. Actualizar los permisos de directorio en los directorios de los paquetes de contenedores"
          }
        ],
        "id": "CVE-2021-41103",
        "lastModified": "2024-01-31T13:15:08.473",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV30": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "exploitabilityScore": 2.5,
              "impactScore": 3.4,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-10-04T17:15:08.517",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://security.gentoo.org/glsa/202401-31"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5002"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.