privilege escalation in Moby
CVE-2021-21284

6.8MEDIUM

Key Information:

Vendor

Moby

Status
Moby
Vendor
CVE Published:
2 February 2021

What is CVE-2021-21284?

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Affected Version(s)

moby < 19.03.15 < 19.03.15

moby >= 20.0.0, < 20.10.3 < 20.0.0, 20.10.3

References

https://docs.docker.com/engine/release-notes/#20103
x_refsource_MISC
https://github.com/moby/moby/releases/tag/v20.10.3
x_refsource_MISC
https://github.com/moby/moby/releases/tag/v19.03.15
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.