{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-41103", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-04T02:59:31.538Z", "dateReserved": "2021-09-15T00:00:00", "datePublished": "2021-10-04T00:00:00"}, "containers": {"cna": {"title": "Insufficiently restricted permissions on plugin directories", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T13:06:20.094638"}, "descriptions": [{"lang": "en", "value": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories."}], "affected": [{"vendor": "containerd", "product": "containerd", "versions": [{"version": "< 1.4.11", "status": "affected"}, {"version": ">= 1.5.0, < 1.5.7", "status": "affected"}]}], "references": [{"url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"}, {"url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"}, {"name": "FEDORA-2021-df975338d4", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"}, {"name": "FEDORA-2021-b5a9a481a2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"}, {"name": "DSA-5002", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2021/dsa-5002"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}, {"name": "GLSA-202401-31", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-31"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "GHSA-c2h3-6mxw-7mvq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:59:31.538Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq", "tags": ["x_transferred"]}, {"url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-df975338d4", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"}, {"name": "FEDORA-2021-b5a9a481a2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"}, {"name": "DSA-5002", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-5002"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "tags": ["x_transferred"]}, {"name": "GLSA-202401-31", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-31"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8471080E-7A72-48EE-817A-C3FCEDB777E1", "versionEndExcluding": "1.4.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "matchCriteriaId": "227778FB-454E-4747-872D-D9D011F9DEDE", "versionEndExcluding": "1.5.7", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories."}, {"lang": "es", "value": "containerd es un tiempo de ejecuci\u00f3n de contenedores de c\u00f3digo abierto con \u00e9nfasis en la simplicidad, robustez y portabilidad. Se encontr\u00f3 un bug en containerd en el que los directorios root de los contenedores y algunos plugins ten\u00edan permisos insuficientemente restringidos, que permit\u00eda a usuarios de Linux sin privilegios un salto de directorio de contenidos y ejecutar programas. Cuando los contenedores inclu\u00edan programas ejecutables con bits de permiso extendidos (como setuid), los usuarios no privilegiados de Linux pod\u00edan detectar y ejecutar esos programas. Cuando el UID de un usuario de Linux sin privilegios en el host colisionaba con el propietario o el grupo del archivo dentro de un contenedor, el usuario de Linux sin privilegios en el host pod\u00eda detectar, leer y modificar esos archivos. Esta vulnerabilidad ha sido corregida en containerd versi\u00f3n 1.4.11 y containerd versi\u00f3n 1.5.7. Los usuarios deben actualizar a estas versiones cuando se publiquen y pueden reiniciar los contenedores o actualizar los permisos de directorio para mitigar la vulnerabilidad. Los usuarios que no puedan actualizar deber\u00edan limitar el acceso al host a usuarios confiables. Actualizar los permisos de directorio en los directorios de los paquetes de contenedores"}], "id": "CVE-2021-41103", "lastModified": "2024-11-21T06:25:28.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-04T17:15:08.517", "references": [{"source": "security-advisories@github.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"}, {"source": "security-advisories@github.com", "url": "https://security.gentoo.org/glsa/202401-31"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5002"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5673", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8-tech-preview/osp-director-operator:1.2.3-3", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-07-20T00:00:00Z"}, {"advisory": "RHSA-2022:6517", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8-tech-preview/osp-director-operator:1.2.3-4", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6517", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8-tech-preview/osp-director-operator-bundle:1.2.3-7", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-09-14T00:00:00Z"}], "bugzilla": {"description": "containerd: insufficiently restricted permissions on container root and plugin directories", "id": "2011007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011007"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-22", "details": ["containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.", "A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improper restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request containing \"dot dot\" sequences (/../) to view directory contents and execute programs."], "name": "CVE-2021-41103", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "containerd", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2021-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41103\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41103"], "threat_severity": "Moderate"}

{}