How severe is CVE-2021-32760?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2021-32760?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2021-32760 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.

Related Vulnerabilities

CVE-2016-5787

MEDIUM

CVSS:6.3(Medium)

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

CWE-6682016

CVE-2020-1945

MEDIUM

CVSS:6.3(Medium)

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The ...

CWE-6682020

CVE-2021-21334

MEDIUM

CVSS:6.3(Medium)

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/conta...

CWE-6682021

CVE-2021-29280

MEDIUM

CVSS:6.4(Medium)

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

CWE-6682021

CVE-2012-5639

MEDIUM

CVSS:6.5(Medium)

LibreOffice and OpenOffice automatically open embedded content

CWE-6682012

CVE-2018-20237

MEDIUM

CVSS:6.5(Medium)

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

CWE-6682018