349 matches found
CVE-2021-41103
CVE-2021-41103 affects containerd and stems from insufficiently restricted permissions on container root directories and some plugins, enabling unprivileged host users to traverse directories, read/modify files, and potentially execute programs (including those with extended permission bits). The...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
USN-4867-1 runc vulnerabilities
It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884) Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...
USN-5032-2: Docker vulnerabilities
USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...
Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerabilities (USN-5012-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5012-1 advisory. It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially...
CVE-2021-32760
CVE-2021-32760 affects containerd prior to 1.4.8 and 1.5.4. A crafted container image could cause Unix file permission changes on host files when pulling/extracting, potentially denying access, widening permissions, or setting bits like setuid/setgid/sticky. The flaw does not directly unlock read...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
MGASA-2021-0248 Updated docker-containerd packages fix security vulnerability
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...
OESA-2021-1215 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.40 security and bug fix update
Red Hat OpenShift Container Platform release 4.5.40 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 7 / 8 : OpenShift Container Platform 4.6.30 (RHSA-2021:1566)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1566 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
GHSA-36XW-FX78-C5R4 containerd-shim API Exposed to Host Network Containers
Impact Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID...
Kubernetes Namespaces Are Not as Secure as You Think
In a previous article, we described how the usage of namespaces in Kubernetes significantly simplifies the management of a Kubernetes cluster. However, managing multiple microservices on the same cluster comes with a security cost when not planned correctly. A common misconception around namespac...
[SECURITY] Fedora 33 Update: containerd-1.4.4-1.fc33
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervisio...
Fedora 33 : 1:golang-github-containerd-cri (2021-10ce8fcbf1)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-10ce8fcbf1 advisory. - In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...
CVE-2021-21334
CVE-2021-21334 affects containerd’s CRI plugin: when multiple containers/pods are launched from the same image, containers may receive incorrect environment variables shared across them, potentially exposing sensitive data. The issue is fixed in containerd versions 1.3.10 and 1.4.4; affected envi...
Debian: Security Advisory (DSA-4865-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 33 Update: containerd-1.4.3-1.fc33
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervisio...
Oracle Linux 7 : containerd (ELSA-2020-5964)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5964 advisory. - Addresses CVE-2020-15257 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...