CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 1CVE-2021-43816 – Improper Preservation of Permissions in containerd
https://notcve.org/view.php?id=CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. • https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea https://github.com/containerd/containerd/issues/6194 https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID https:&# • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41103 – Insufficiently restricted permissions on plugin directories
https://notcve.org/view.php?id=CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8 https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB https://security.gentoo.org/glsa/202401-31 https://www.debian • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32760 – Archive package allows chmod of file outside of unpack target directory
https://notcve.org/view.php?id=CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. • https://github.com/containerd/containerd/releases/tag/v1.4.8 https://github.com/containerd/containerd/releases/tag/v1.5.4 https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3 https://security.gentoo.org/glsa/202401-31 https://access.redhat.com/security/cve/CVE-2021-32760 https://bugzilla.redhat.com/show_bug.cgi?id=1982681 • CWE-281: Improper Preservation of Permissions CWE-668: Exposure of Resource to Wrong Sphere CWE-732: Incorrect Permission Assignment for Critical Resource •