CVE-2021-21284
published 2021-02-02
medium 6.8 (CVSS 3.1)
AV:A / AC:L / PR:L / UI:N / S:C / C:N / I:H / A:N
In Docker before versions 19.03.15 and 20.10.3, there is a vulnerability involving the `--userns-remap` option in which access to remapped root allows privilege escalation to real root. When `--userns-remap` is in use, if the root user in the remapped namespace has access to the host filesystem, they can modify files under `/var/lib/docker/` in a way that causes files to be written with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from the remapped user.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | docker.io | < docker.io 20.10.3+dfsg1-1 (bookworm) | docker.io 20.10.3+dfsg1-1 (bookworm) |
| docker | docker | < 19.03.15 | 19.03.15 |
| docker | docker | >= 20.0.0 < 20.10.3 | 20.10.3 |
| github.com | moby_moby | >= 0 < 19.3.15 | 19.3.15 |
| github.com | moby_moby | >= 20.10.0-beta1 < 20.10.3 | 20.10.3 |
| moby | moby | < 19.03.15 | 19.03.15 |
| moby | moby | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_moby-buildx_0.4.1+azure-3_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_moby-cli_19.03.15+azure-2_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_moby-engine_19.03.15+azure-2_on_cbl_mariner_1.0 | — | — |
| netapp | e-series_santricity_os_controller | 11.0.0 – 11.60.3 | — |
CVSS provenance
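| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
| osv | — | 6.8 | MEDIUM | — |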