7.3 CVE-2024-25621

Patch
 

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. The directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories so that they have no group- or world-accessible permissions, or running containerd in rootless mode.
https://nvd.nist.gov/vuln/detail/CVE-2024-25621

Categories

CWE-279


CPE

Configuration 1

| cpe | start | end |
|---|---|---|
| `cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*` | | < 1.7.29 |
| `cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*` | >= 2.0.0 | < 2.0.7 |
| `cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*` | >= 2.1.0 | < 2.1.5 |
| `cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta0:*:*:*:*:*:*` | | |
| `cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta1:*:*:*:*:*:*` | | |
| `cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta2:*:*:*:*:*:*` | | |
| `cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc0:*:*:*:*:*:*` | | |
| `cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc1:*:*:*:*:*:*` | | |


REMEDIATION


Patch

Url
https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b236...
https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry