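Vulnerability details
Docker path traversal vulnerability
Vulnerability summary
Docker is an open-source application container engine from Docker, Inc. (USA). The product supports creating a container (a lightweight virtual machine) on Linux systems and deploying and running applications in it, as well as automating application installation, deployment and upgrades through configuration files.
Docker versions before 19.03.15 and 20.10.3 contain a path traversal vulnerability, which arises because the root user in the remapped namespace can access the host file system.
Vulnerability advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: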
https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
References
Source: MISC
Link: https://github.com/moby/moby/releases/tag/v19.03.15
Source: MISC
Link: https://docs.docker.com/engine/release-notes/#20103
Source: MISC
Link: https://github.com/moby/moby/releases/tag/v20.10.3
Source: DEBIAN
Link: https://www.debian.org/security/2021/dsa-4865
Source: CONFIRM
Link: https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210226-0005/
Source: MISC
Link: https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6455281
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021111511
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affects-ibm-infosphere-information-server/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6486327
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-docker-and-icp-affect-ibm-spectrum-discover/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2118
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021071003
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-21284
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163454/Gentoo-Linux-Security-Advisory-202107-23.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0547
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0734
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-mongodb-node-js-docker-and-xstream-affect-ibm-spectrum-protect-plus/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affect-ibm-cloud-pak-system/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Docker-Engine-Moby-read-write-access-via-Remapped-Root-34455
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1491
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-docker-cve-2021-21285-cve-2021-21284/
Affected entities
None at this time
Patches
- Fix for the Docker path traversal vulnerability<!--2021-2-2-->