How severe is CVE-2021-41091?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2021-41091?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2021-41091

MEDIUM Year: 2021

CVSS v3 Score

6.3

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-281

View all →

Vulnerability Description

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.

CVE-2021-41089

MEDIUM

CVSS:6.3(Medium)

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted ...

CWE-2812021

CVE-2023-25809

MEDIUM

CVSS:6.3(Medium)

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: ...

CWE-2812023

CVE-2023-2993

MEDIUM

CVSS:6.3(Medium)

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the ...

CWE-2812023

CVE-2024-28152

MEDIUM

CVSS:6.3(Medium)

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allo...

CWE-2812024

CVE-2024-50929

MEDIUM

CVSS:6.2(Medium)

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).

CWE-2812024

CVE-2021-3418

MEDIUM

CVSS:6.4(Medium)

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot...

CWE-2812021

CVE-2021-41091

Vulnerability Description

Related Vulnerabilities

CVE-2021-41089

CVE-2023-25809

CVE-2023-2993

CVE-2024-28152

CVE-2024-50929

CVE-2021-3418