Lucene search
RedhatCVELIST:CVE-2021-20206HistoryMar 26, 2021 - 9:34 p.m.
CVE-2021-20206
2021-03-2621:34:58
CWE-20
redhat
www.cve.org
8
cve-2021-20206
containernetworking/cni
path name limitation
network configuration
special elements
binaries
vulnerability
confidentiality
integrity
system availability
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the โtypeโ field in the network configuration, it is possible to use special elements such as โโฆ/โ separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as โrebootโ. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CNA Affected
[
{
"product": "containernetworking-cni",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "containernetworking/cni 0.8.1"
}
]
}
]Related
osv
osv
containernetworking/cni improper limitation of path name
2022-02-15 01:57:18
Improper limitation of path name in github.com/containernetworking/cni
2022-07-01 20:17:57
cni-1.0.1-3.1 on GA media
2024-06-15 00:00:00
nessus
nessus
SUSE SLES15 Security Update : cni (SUSE-SU-2022:4150-1)
2022-11-23 00:00:00
SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4593-1)
2022-12-21 00:00:00
RHEL 8 : containernetworking-cni (Unpatched Vulnerability)
2024-05-11 00:00:00
prion
prion
Design/Logic Flaw
2021-03-26 22:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4593-1)
2022-12-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4592-1)
2022-12-21 00:00:00
Fedora: Security Advisory for buildah (FEDORA-2021-fb466fb623)
2021-02-26 00:00:00
alpinelinux
alpinelinux
CVE-2021-20206
2021-03-26 22:15:12
ubuntucve
ubuntucve
CVE-2021-20206
2021-03-26 00:00:00
debiancve
debiancve
CVE-2021-20206
2021-03-26 22:15:12
fedora
fedora
[SECURITY] Fedora 33 Update: skopeo-1.2.2-1.fc33
2021-02-26 01:09:46
[SECURITY] Fedora 33 Update: containernetworking-plugins-0.9.1-2.fc33
2021-02-26 01:09:46
[SECURITY] Fedora 33 Update: containers-common-1-4.fc33
2021-02-26 01:09:46
veracode
veracode
Arbitrary Path Injection
2021-02-08 06:36:34
redhat
redhat
redhatcve
redhatcve
CVE-2021-20206
2021-02-05 06:22:02
github
github
containernetworking/cni improper limitation of path name
2022-02-15 01:57:18
cve
cve
CVE-2021-20206
2021-03-26 22:15:12
nvd
nvd
CVE-2021-20206
2021-03-26 22:15:12
suse
suse
Security update for buildah (moderate)
2022-03-09 00:00:00
Security update for buildah (important)
2022-10-19 00:00:00
Security update for buildah (important)
2022-10-26 00:00:00
ibm
ibm
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45