CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

containerd is vulnerable to information disclosure. The vulnerability exists in containerd’s CRI implementation: containers launched through it (via Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers.
github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
github.com/containerd/containerd/releases/tag/v1.3.10
github.com/containerd/containerd/releases/tag/v1.4.4
github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
lists.fedoraproject.org/archives/list/[email protected]/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
lists.fedoraproject.org/archives/list/[email protected]/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
lists.fedoraproject.org/archives/list/[email protected]/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
security-tracker.debian.org/tracker/CVE-2021-21334
security.gentoo.org/glsa/202105-33