Containerd
CVE-2021-41103
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
AnalysisAI
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. Affected products include: Linuxfoundation Containerd, Fedoraproject Fedora, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Containerd
View allcontainerd is an open source container runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complex
containerd is a container runtime available as a daemon for Linux and Windows. Rated high severity (CVSS 7.5), this vuln
Host command execution in containerd's CRI plugin arises because labels from an image config (Dockerfile LABEL instructi
Kubernetes device-plugin and resource-allocation enforcement can be bypassed in containerd by a namespace user holding p
Arbitrary host file disclosure in containerd's CRI plugin lets an attacker read any file on the Kubernetes node via `kub
containerd is an open source container runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploit
containerd is a container runtime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no auth
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through con
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability
Checkpoint image poisoning in containerd's CRI implementation allows an attacker with pod-creation permissions to corrup
containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authenticatio
containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack compl
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today