CVE-2021-21284

Опубликовано: 02 фев. 2021

Источник: nvd

CVSS3: 6.8

CVSS2: 2.7

EPSS Низкий

Описание

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Ссылки

https://docs.docker.com/engine/release-notes/#20103
Release Notes
Vendor Advisory
https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
Patch
Third Party Advisory
https://github.com/moby/moby/releases/tag/v19.03.15
Release Notes
Third Party Advisory
https://github.com/moby/moby/releases/tag/v20.10.3
Release Notes
Third Party Advisory
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
Third Party Advisory
https://security.gentoo.org/glsa/202107-23
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0005/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4865
Third Party Advisory
https://docs.docker.com/engine/release-notes/#20103
Release Notes
Vendor Advisory
https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
Patch
Third Party Advisory
https://github.com/moby/moby/releases/tag/v19.03.15
Release Notes
Third Party Advisory
https://github.com/moby/moby/releases/tag/v20.10.3
Release Notes
Third Party Advisory
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
Third Party Advisory
https://security.gentoo.org/glsa/202107-23
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0005/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4865
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия до 19.03.15 (исключая)

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия от 20.0.0 (включая) до 20.10.3 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.60.3 (включая)

EPSS

Процентиль: 5%

0.0002

Низкий

6.8 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-21284

CVSS3: 6.8

ubuntu

около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

CVE-2021-21284

CVSS3: 6

redhat

около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

CVE-2021-21284

CVSS3: 6.8

msrc

больше 4 лет назад

Описание отсутствует

CVE-2021-21284

CVSS3: 6.8

debian

около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...

GHSA-7452-xqpj-6rpc

CVSS3: 6.8

github

около 2 лет назад

moby Access to remapped root allows privilege escalation to real root

EPSS

Процентиль: 5%

0.0002

Низкий

6.8 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-22