CVSS3 : 6.8 Medium
Attack Vector : ADJACENT_NETWORK
Attack Complexity : LOW
Privileges Required : LOW
User Interaction : NONE
Scope : CHANGED
Confidentiality Impact : NONE
Integrity Impact : HIGH
Availability Impact : NONE
Vector : CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVSS2 : 4.3 Medium
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS : 0.006 Low
Percentile : 77.3%

Severity: Medium
Date : 2021-02-06
CVE-ID : CVE-2021-21284 CVE-2021-21285
Package : docker
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1528
The package docker before version 1:20.10.3-1 is vulnerable to multiple
issues including denial of service and privilege escalation.
Upgrade to 1:20.10.3-1.
The problems have been fixed upstream in version 20.10.3.
Workaround : None.
In Docker before versions 19.03.15, 20.10.3 there is a vulnerability
involving the --userns-remap option in which access to remapped root
allows privilege escalation to real root. When using "--userns-remap",
if the root user in the remapped namespace has access to the host
filesystem they can modify files under "/var/lib/docker/<remapping>"
in ways that cause files to be written with extended privileges.
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege
escalation from the remapped user.
In Docker before versions 19.03.15, 20.10.3 there is a vulnerability in
which pulling an intentionally malformed Docker image manifest crashes
the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that
prevent the daemon from crashing.
An attacker could crash the dockerd daemon via a crafted image. An
attacker with root access inside a docker container can escape the
container.
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
https://github.com/moby/moby/commit/edb62a3ace8c4303822a391b38231e577f8c2ee8
https://github.com/moby/moby/commit/bfedd2725971303efb7a2fe5d6990317b381622f
https://github.com/moby/moby/commit/e908cc39018c015084ffbffbc5703ccba5c2fbb7
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/commit/a7d4af84bd2f189b921c3ec60796aa825e3a0f2a
https://security.archlinux.org/CVE-2021-21284
https://security.archlinux.org/CVE-2021-21285
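
The following triage check is an added example, not part of the advisory or of Docker's own code. It decides from an engine or package version string and the contents of daemon.json which of the two issues apply to a host. The function names and sample inputs are constructed for illustration, and the branch boundaries assume the fixed releases named above (19.03.15 and 20.10.3).

```python
import json
import re

# Fixed upstream releases named in the advisory.
FIXED_19_03 = (19, 3, 15)
FIXED_20_10 = (20, 10, 3)

def parse_version(text):
    """Extract (major, minor, patch) from '20.10.2', '19.03.14-ce' or Arch-style '1:20.10.3-1'."""
    m = re.match(r"\s*(?:\d+:)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_vulnerable(version_text):
    """True if the engine predates the fixed release of its branch."""
    v = parse_version(version_text)
    if v < FIXED_19_03:
        return True
    # Assumption: anything from 20.x up to 20.10.3 belongs to the 20.10 line.
    return (20, 0, 0) <= v < FIXED_20_10

def userns_remap_enabled(daemon_json_text):
    """True if daemon.json sets a non-empty "userns-remap" value.

    A --userns-remap flag passed on the dockerd command line is not seen here.
    """
    if not daemon_json_text.strip():
        return False
    config = json.loads(daemon_json_text)
    return bool(config.get("userns-remap"))

def assess(version_text, daemon_json_text=""):
    """List the advisory's issues that apply to this host."""
    findings = []
    if is_vulnerable(version_text):
        findings.append("CVE-2021-21285: malformed image manifest can crash dockerd")
        if userns_remap_enabled(daemon_json_text):
            findings.append("CVE-2021-21284: remapped root can escalate to real root")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_config = '{"userns-remap": "default", "log-driver": "journald"}'
    for ver in ("19.03.14", "19.03.15", "20.10.2", "1:20.10.3-1"):
        print(ver, assess(ver, sample_config) or "patched")
```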