{"containers": {"cna": {"affected": [{"product": "containernetworking-cni", "vendor": "n/a", "versions": [{"status": "affected", "version": "containernetworking/cni 0.8.1"}]}], "descriptions": [{"lang": "en", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20->CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T21:34:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20206", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "containernetworking-cni", "version": {"version_data": [{"version_value": "containernetworking/cni 0.8.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20->CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"}, {"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20206", "datePublished": "2021-03-26T21:34:58", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:container_network_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "03195E86-5FBC-4A4B-AAE8-B0A4AF78BBFC", "versionEndExcluding": "0.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}, {"lang": "es", "value": "Se detect\u00f3 una limitaci\u00f3n inapropiada del fallo en el nombre de la ruta en containernetworking/cni en versiones anteriores a 0.8.1. Cuando se especifica el plugin a cargar en el campo \"type\" en la configuraci\u00f3n de red, es posible usar elementos especiales como separadores \"../\" para hacer referencia a binarios en otras partes del sistema. Este fallo permite a un atacante ejecutar otros binarios existentes que no sean los plugins y tipos de cni, como \"reboot\". La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema."}], "id": "CVE-2021-20206", "lastModified": "2023-11-07T03:29:00.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T22:15:12.617", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Casey Callendrello (Red Hat).", "affected_release": [{"advisory": "RHSA-2021:1005", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-04-05T00:00:00Z"}, {"advisory": "RHSA-2021:1007", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-04-05T00:00:00Z"}, {"advisory": "RHSA-2021:1552", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202104281843.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2022:0492", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2022-02-16T00:00:00Z"}, {"advisory": "RHSA-2022:1660", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:2.0.5-4", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2022-05-02T00:00:00Z"}, {"advisory": "RHSA-2021:2438", "cpe": "cpe:/a:redhat:openshift:4.8::el8", "package": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.8", "release_date": "2021-07-27T00:00:00Z"}, {"advisory": "RHSA-2021:2438", "cpe": "cpe:/a:redhat:openshift:4.8::el8", "package": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.8", "release_date": "2021-07-27T00:00:00Z"}, {"advisory": "RHSA-2021:3001", "cpe": "cpe:/a:redhat:openshift:4.8::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:3.0.0-16", "product_name": "Red Hat OpenShift Container Platform 4.8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-model-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-node-labeller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-kvm-info-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "vm-import-controller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}], "bugzilla": {"description": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "id": "1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-22", "details": ["An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "name": "CVE-2021-20206", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-cni", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "cni", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:1.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:1.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:1.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:2.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:2.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:2.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:rhel8/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-openshift-cluster-autoscaler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "containernetworking-cni", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/file-integrity-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-autoscaler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-hyperkube", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kube-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-admission-controller", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-network-interface-bond-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-node", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-sriov-dp-admission-controller", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-sriov-network-webhook", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "package_name": "cnv-containernetworking-plugins-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "kubemacpool-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "package_name": "ovs-cni-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2021-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20206\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20206"], "statement": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.", "threat_severity": "Moderate", "upstream_fix": "containernetworking/cni 0.8.1"}