CVE-2021-32760
Public on 2021-07-19
Modified on 2021-12-01
Description
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | containerd | 2021-07-19 | ALAS-2021-1523 | Fixed |
Amazon Linux 2 - Docker Extra | containerd | 2021-10-19 | ALAS2DOCKER-2021-010 | Fixed |
Amazon Linux 2 - Ecs Extra | containerd | 2023-11-09 | ALAS2ECS-2023-029 | Fixed |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2021-10-19 | ALAS2NITRO-ENCLAVES-2021-010 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
NVD | CVSSv3 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |