containerd is vulnerable to information disclosure. Containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers.
github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
github.com/containerd/containerd/releases/tag/v1.3.10
github.com/containerd/containerd/releases/tag/v1.4.4
github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
security-tracker.debian.org/tracker/CVE-2021-21334
security.gentoo.org/glsa/202105-33