PT-2021-7623 · Unknown+6 · Kubernetes Containerd+5

Mcgowan · Published 2021-03-05 · Updated 2024-06-15 · CVE-2021-21334

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

containerd versions prior to 1.3.10
containerd versions prior to 1.4.4

Description

The issue is related to the disclosure of information in the error data area of the containerd runtime environment. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared.

Recommendations

Update to containerd version 1.3.10 or later.
Update to containerd version 1.4.4 or later.
As a temporary workaround, consider avoiding the launch of multiple containers or Kubernetes pods from the same image with different environment variables in rapid succession.
Restrict the use of containerd's CRI implementation to minimize the risk of exploitation.
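
To find workloads that meet the condition named in the workaround (one image, different environment variables), this added example, which is not part of the original advisory, scans the JSON produced by `kubectl get pods --all-namespaces -o json`. The function names and the sample pod list are constructed for illustration, and images are compared by reference string only.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape of `kubectl get pods -o json` (not real data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "api"},
     "spec": {"containers": [{"name": "app", "image": "registry.example/app:1.0",
                              "env": [{"name": "DB_PASSWORD", "value": "constructed-a"}]}]}},
    {"metadata": {"namespace": "team-b", "name": "worker"},
     "spec": {"containers": [{"name": "app", "image": "registry.example/app:1.0",
                              "env": [{"name": "API_TOKEN", "valueFrom": {
                                  "secretKeyRef": {"name": "tok", "key": "t"}}}]}]}},
    {"metadata": {"namespace": "team-a", "name": "cache-0"},
     "spec": {"containers": [{"name": "redis", "image": "registry.example/redis:6"}]}},
    {"metadata": {"namespace": "team-a", "name": "cache-1"},
     "spec": {"containers": [{"name": "redis", "image": "registry.example/redis:6"}]}},
]}

def env_fingerprint(container):
    """Hashable summary of a container's environment (env entries plus envFrom)."""
    items = []
    for entry in container.get("env", []):
        if "value" in entry:
            source = "value:" + str(entry["value"])
        else:
            source = "from:" + json.dumps(entry.get("valueFrom", {}), sort_keys=True)
        items.append((entry["name"], source))
    return (tuple(sorted(items)), json.dumps(container.get("envFrom", []), sort_keys=True))

def shared_image_env_conflicts(pod_list):
    """Return {image: [namespace/pod/container, ...]} for images that run
    with more than one distinct environment definition."""
    by_image = defaultdict(lambda: defaultdict(list))
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            ref = "{}/{}/{}".format(meta.get("namespace", "default"), meta.get("name"), c["name"])
            by_image[c["image"]][env_fingerprint(c)].append(ref)
    # Only container references are reported, never the variable values.
    return {image: sorted(r for refs in envs.values() for r in refs)
            for image, envs in by_image.items() if len(envs) > 1}

if __name__ == "__main__":
    # Optional argument: path to saved `kubectl get pods -o json` output.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for image, refs in shared_image_env_conflicts(data).items():
        print(image, "->", ", ".join(refs))
```

Flagged images are the ones to prioritise for the containerd update, since they combine a shared image with differing environment definitions.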

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related Identifiers

ALT-PU-2021-1464
ALT-PU-2022-1248
AZL-44910
BDU:2023-00284
CVE-2021-21334
GHSA-6G2Q-W5J3-FWH4
MGASA-2021-0248
OPENSUSE-SU-2021:0878-1
OPENSUSE-SU-2021:1954-1
OPENSUSE-SU-2021_0878-1
OPENSUSE-SU-2021_1954-1
OPENSUSE-SU-2024:10693-1
SUSE-SU-2021:1458-1
SUSE-SU-2021:1954-1
USN-4881-1

Affected Products

Alt Linux
Astra Linux
Kubernetes Containerd
Linuxmint
Suse
Ubuntu