PT-2021-7911 · Unknown+2 · Containernetworking/Cni+2
Pedro Sampaio
·
Published
2021-01-19
·
Updated
2024-06-15
·
CVE-2021-20206
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
containernetworking/cni versions prior to 0.8.1
Description
The issue is related to an improper limitation of path name flaw in the Container Network Interface (CNI) that can be exploited by an attacker to execute other existing binaries on the system, potentially affecting the confidentiality, integrity, and availability of protected information. This can be achieved by using special elements such as "../" separators when specifying the plugin to load in the 'type' field in the network configuration. The vulnerability allows attackers to reference binaries elsewhere on the system, including executing commands like 'reboot'.
Recommendations
For containernetworking/cni versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the 'type' field in the network configuration to prevent the execution of arbitrary binaries until a patch is applied. Avoid using special elements such as "../" separators when specifying plugins to load.
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Suse
Containernetworking/Cni