← Voltar para CVEs
CVE-2021-41089
LOW2.8
Descricao
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
Detalhes CVE
Pontuacao CVSS v3.12.8
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado10/4/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
fedoraproject:fedoramobyproject:moby
Fraquezas (CWE)
CWE-281CWE-281
Referencias
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf(security-advisories@github.com)
https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a(security-advisories@github.com)
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/(security-advisories@github.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.