cbcvebase.
CVE-2021-30465
published 2021-05-27

CVE-2021-30465: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create…

PriorityP355high8.5CVSS 3.1
AVNACHPRLUINSCCHIHAH
EPSS
6.60%
93.0th percentile
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

Affected

11 ranges
VendorProductVersion rangeFixed in
debianrunc< runc 1.0.0~rc93+ds1-5 (bookworm)runc 1.0.0~rc93+ds1-5 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
github.comopencontainers_runc>= 0 < 1.0.0-rc951.0.0-rc95
linuxfoundationrunc<= 0.1.1
linuxfoundationrunc
linuxfoundationrunc>= 0 < 1.0.0~rc93+ds1-51.0.0~rc93+ds1-5
linuxfoundationrunc>= 0 < 1.0.0~rc93+ds1-51.0.0~rc93+ds1-5
linuxfoundationrunc>= 0 < 1.0.0~rc93+ds1-51.0.0~rc93+ds1-5
linuxfoundationrunc>= 0 < 1.0.0~rc93+ds1-51.0.0~rc93+ds1-5
linuxfoundationrunc>= 0 < 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm21.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2

CVSS provenance

nvdv3.18.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
ghsa8.5HIGH
osv8.5HIGH
vendor_debian8.5HIGH
vendor_redhat8.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.