CVE-2021-21284 — Path Traversal in Docker

CWE-22 — Path Traversal CWE-732 — Incorrect Permission Assignment8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 94.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moby Github.com Moby Moby Docker +2 more

Timeline

PublishedFeb 2

Latest updateJan 31

Description

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages4 packages

▶NVDdocker/docker20.0.0 — 20.10.3+1

▶CVEListV5moby/moby< 19.03.15+1

▶Gogithub.com/moby_moby20.10.0-beta1 — 20.10.3+1

▶NVDnetapp/e-series_santricity_os_controller11.0.0 — 11.60.3

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: security.gentoo.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

moby Access to remapped root allows privilege escalation to real root↗2024-01-31

▶

OSV

moby Access to remapped root allows privilege escalation to real root↗2024-01-31

▶

CVEList

privilege escalation in Moby↗2021-02-02

▶

OSV

CVE-2021-21284: In Docker before versions 9↗2021-02-02

▶

📋Vendor Advisories

Microsoft

privilege escalation in Moby↗2021-02-09

▶

Red Hat

docker: access to remapped root allows privilege escalation to real root↗2021-02-02

▶

Debian

CVE-2021-21284: docker.io - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving th...↗2021

▶