Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Impact
When using --userns-remap
, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/<remapping>
that cause writing files with extended privileges.
Patches
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
Credits
Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to [email protected]
Permalink: https://github.com/advisories/GHSA-7452-xqpj-6rpcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 6.8
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Identifiers: GHSA-7452-xqpj-6rpc, CVE-2021-21284
References:
- https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
- https://nvd.nist.gov/vuln/detail/CVE-2021-21284
- https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
- https://docs.docker.com/engine/release-notes/#20103
- https://github.com/moby/moby/releases/tag/v19.03.15
- https://github.com/moby/moby/releases/tag/v20.10.3
- https://security.gentoo.org/glsa/202107-23
- https://security.netapp.com/advisory/ntap-20210226-0005/
- https://www.debian.org/security/2021/dsa-4865
- https://github.com/advisories/GHSA-7452-xqpj-6rpc
Blast Radius: 21.9
Affected Packages
go:github.com/moby/moby
Dependent packages: 461Dependent repositories: 1,657
Downloads:
Affected Version Ranges: >= 20.10.0-beta1, < 20.10.3, < 19.3.15
Fixed in: 20.10.3, 19.3.15
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.13.0, 1.13.1, 20.10.0, 20.10.0-beta1, 20.10.0-rc1, 20.10.0-rc2, 20.10.1, 20.10.2
All unaffected versions: 20.10.3, 20.10.4, 20.10.5, 20.10.6, 20.10.7, 20.10.8, 20.10.9, 20.10.10, 20.10.11, 20.10.12, 20.10.13, 20.10.14, 20.10.15, 20.10.16, 20.10.17, 20.10.18, 20.10.19, 20.10.20, 20.10.21, 20.10.22, 20.10.23, 20.10.24, 20.10.25, 20.10.26, 20.10.27, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 23.0.8, 23.0.9, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 24.0.6, 24.0.7, 24.0.8, 24.0.9, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 25.0.4