Lucene search
Veracode Vulnerability DatabaseVERACODE:29315HistoryFeb 09, 2021 - 12:44 p.m.
Privilege Escalation
2021-02-0912:44:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.0005 Low
EPSS
Percentile
17.2%
docker is vulnerable to privilege escalation. The --userns-remap option allows the root user in the remapped namespace, who has access to the host filesystem, to modify files under /var/lib/docker/ and write files with extended privileges.
References
docs.docker.com/engine/release-notes/#20103
github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
github.com/moby/moby/releases/tag/v19.03.15
github.com/moby/moby/releases/tag/v20.10.3
github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
security-tracker.debian.org/tracker/CVE-2021-21284
security.gentoo.org/glsa/202107-23
security.netapp.com/advisory/ntap-20210226-0005/
www.debian.org/security/2021/dsa-4865
Related
cbl_mariner
cbl_mariner
CVE-2021-21284 affecting package moby-cli 19.03.15-2
2021-07-08 21:57:06
CVE-2021-21284 affecting package moby-engine 19.03.15-2
2021-07-08 21:56:37
CVE-2021-21284 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
alpinelinux
alpinelinux
CVE-2021-21284
2021-02-02 18:15:11
cvelist
cvelist
CVE-2021-21284 privilege escalation in Moby
2021-02-02 17:55:22
cve
cve
CVE-2021-21284
2021-02-02 18:15:11
osv
osv
CVE-2021-21284
2021-02-02 18:15:11
moby Access to remapped root allows privilege escalation to real root
2024-01-31 23:14:25
docker.io - security update
2021-02-27 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1644)
2022-05-06 00:00:00
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1658)
2022-05-06 00:00:00
prion
prion
Privilege escalation
2021-02-02 18:15:00
github
github
moby Access to remapped root allows privilege escalation to real root
2024-01-31 23:14:25
openvas
openvas
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1644)
2022-05-09 00:00:00
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1658)
2022-05-09 00:00:00
Docker < 19.03.15, 20.x < 20.10.3 Multiple Vulnerabilities
2021-02-08 00:00:00
redhatcve
redhatcve
CVE-2021-21284
2021-02-03 20:04:15
nvd
nvd
CVE-2021-21284
2021-02-02 18:15:11
debiancve
debiancve
CVE-2021-21284
2021-02-02 18:15:11
ubuntucve
ubuntucve
CVE-2021-21284
2021-02-02 00:00:00
archlinux
archlinux
[ASA-202102-12] docker: multiple issues
2021-02-06 00:00:00
amazon
amazon
Medium: docker
2021-11-11 20:21:00
ibm
ibm
gentoo
gentoo
Docker: Multiple vulnerabilities
2021-07-10 00:00:00
suse
suse
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (important)
2021-02-12 00:00:00
Security update for containerd, docker, runc (important)
2021-06-16 00:00:00
Security update for containerd, docker, runc (important)
2021-07-10 00:00:00
debian
debian
[SECURITY] [DSA 4865-1] docker.io security update
2021-02-27 18:36:39
photon
photon
Critical Photon OS Security Update - PHSA-2021-0228
2021-04-30 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0228
2021-04-30 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0045
2023-07-05 00:00:00