Overly Broad Default Permission Vulnerability in containerd by Docker
CVE-2024-25621
What is CVE-2024-25621?
The containerd open-source container runtime has a default permission vulnerability that incorrectly grants broad access to critical directory paths, including /var/lib/containerd, /run/containerd/io.containerd.grpc.v1.cri, and /run/containerd/io.containerd.sandbox.controller.v1.shim. This misconfiguration can expose sensitive components to unauthorized access, potentially leading to security breaches. Users are advised to upgrade to versions 1.7.29, 2.0.7, 2.1.5, or 2.2.0 to mitigate this risk. Temporary workarounds include adjusting system administrator permissions or utilizing rootless mode for enhanced security.
Affected Version(s)
containerd < 1.7.29 < 1.7.29
containerd >= 2.0.0-beta.0, < 2.0.7 < 2.0.0-beta.0, 2.0.7
containerd >= 2.1.0-beta.0, < 2.1.5 < 2.1.0-beta.0, 2.1.5