QwikSec

Security Database

CVE

CWE

Training

CVE-2021-41089

Published: Oct 4, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

2.8

LOW

Description

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

Vendor	Product	Versions
moby	moby	affected `< 20.10.9`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4

x_refsource_CONFIRM

https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a

x_refsource_MISC

FEDORA-2021-df975338d4

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-b5a9a481a2

vendor-advisory

x_refsource_FEDORA

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.