CVE-2021-41089

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 04-10-2021 11:15

Last modified: - 14-06-2022 01:15

Total changes: - 7

Description

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Low

Privileges required

Changed

Scope

None

User interaction

6.3

Base score

2.0

3.7

Exploitability score

Impact score

Verification logic

vendor=mobyproject AND product=moby AND versionEndExcluding=20.10.9

vendor=fedoraproject AND product=fedora AND version=34

vendor=fedoraproject AND product=fedora AND version=35

Reference

https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
FEDORA-2021-df975338d4-Mailing List, Third Party Advisory
FEDORA-2021-b5a9a481a2-Mailing List, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Keywords

CVE-2021-41089

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-41089

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures