Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-21284

Опубликовано: 02 фев. 2021
Источник: redhat
CVSS3: 6

Описание

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7dockerOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1924740docker: access to remapped root allows privilege escalation to real root

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-21284

CVSS3: 6.8
ubuntu
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

nvd логотип

CVE-2021-21284

CVSS3: 6.8
nvd
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

msrc логотип

CVE-2021-21284

CVSS3: 6.8
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-21284

CVSS3: 6.8
debian
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...

github логотип

GHSA-7452-xqpj-6rpc

CVSS3: 6.8
github
около 2 лет назад

moby Access to remapped root allows privilege escalation to real root

6 Medium

CVSS3