Incorrect Execution-Assigned Permissions in github.com/containerd/containerd
CVE-2024-25621
- github.com/containerd/containerd
- github.com/containerd/Containerd
- github.com/Containerd/containerd
- github.com/Containerd/Containerd
- github.com/containerd/containerd/v2
- github.com/containerd/Containerd/v2
Summary
Containerd is an open-source container runtime. Versions from 0.1.0 through 1.7.28, 2.0.x through 2.0.6, 2.1.x through 2.1.4 and 2.2.x through 2.2.0-rc.1 have an overly broad default permission vulnerability: the directory paths "/var/lib/containerd", "/run/containerd/io.containerd.grpc.v1.cri" and "/run/containerd/io.containerd.sandbox.controller.v1.shim" were all created with incorrect permissions. As a workaround, the system administrator on the host can manually "chmod" the directories so that they have no group- or world-accessible permissions, or containerd can be run in rootless mode.
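To check whether a host is affected, the following script (an added example, not part of the advisory or of containerd) reports which of the three directories still carry group or world permission bits. It assumes GNU coreutils `stat` and containerd's default root and state paths; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the directories named in the advisory for any
# group/world permission bits. Assumes GNU coreutils stat (Linux host).

# dir_is_exposed DIR
#   returns 0 if DIR has any group or other permission bit set,
#           1 if it has none,
#           2 if DIR is absent or is not a directory.
# Leaves the octal mode in $_mode for the caller.
dir_is_exposed() {
  [ -d "$1" ] || return 2
  # -L: report the mode of the target if the path is a symlink.
  _mode=$(stat -L -c '%a' -- "$1") || return 2
  # The leading 0 makes the shell read the value as octal; the 077 mask
  # selects the group and other triplets (special bits are ignored).
  if [ $(( 0$_mode & 077 )) -ne 0 ]; then
    return 0
  fi
  return 1
}

# audit_dirs DIR...
#   prints one status line per directory; returns 1 if any is exposed.
audit_dirs() {
  _exposed=0
  for _d in "$@"; do
    _rc=0
    dir_is_exposed "$_d" || _rc=$?
    case $_rc in
      0) printf 'EXPOSED  %s (mode %s)\n' "$_d" "$_mode"; _exposed=1 ;;
      1) printf 'ok       %s (mode %s)\n' "$_d" "$_mode" ;;
      *) printf 'absent   %s\n' "$_d" ;;
    esac
  done
  return "$_exposed"
}

# Audit the advisory's paths only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
  audit_dirs \
    /var/lib/containerd \
    /run/containerd/io.containerd.grpc.v1.cri \
    /run/containerd/io.containerd.sandbox.controller.v1.shim
fi
```

Run it as root so the directories are readable; any path reported as EXPOSED is a candidate for the "chmod" workaround described above.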
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-279 - Incorrect Execution-Assigned Permissions
While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.