CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
github.com/containerd/containerd is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to read-only copies of arbitrary files and directories on the host via a specially crafted image configuration, resulting in disclosure of sensitive information.
packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
github.com/containerd/containerd/commit/075cfdff68941fe30338ebe034fa67ce09fb4b55
github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
github.com/containerd/containerd/commit/5296045d0c2e70ffceba17e7a872f1396904397f
github.com/containerd/containerd/commit/9cc61520f4cd876b86e77edfeb88fbcd536d1f9d
github.com/containerd/containerd/releases/tag/v1.4.13
github.com/containerd/containerd/releases/tag/v1.5.10
github.com/containerd/containerd/releases/tag/v1.6.1
github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
lists.fedoraproject.org/archives/list/[email protected]/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/
lists.fedoraproject.org/archives/list/[email protected]/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/
lists.fedoraproject.org/archives/list/[email protected]/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/
www.debian.org/security/2022/dsa-5091