High severityNVD Advisory· Published Mar 26, 2021· Updated Aug 3, 2024
CVE-2021-20206
CVE-2021-20206
Description
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/containernetworking/cniGo | < 0.8.1 | 0.8.1 |
Affected products
98- containernetworking/cnidescription
- ghsa-coords97 versionspkg:golang/github.com/containernetworking/cnipkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/buildah&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cni&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/cni&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/cni&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/cni&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/cni&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libgpg-error&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libgpg-error&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/podman&distro=openSUSE%20Tumbleweedpkg:rpm/suse/buildah&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/buildah&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/buildah&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/buildah&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/buildah&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/cni&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/cni&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/cni&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/cni&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/cni&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/cni&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/cni-plugins&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/cni-plugins&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/cni-plugins&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/cni-plugins&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/cni-plugins&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/cni-plugins&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/libgpg-error&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libgpg-error&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libgpg-error&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/podman&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 0.8.1+ 96 more
- (no CPE)range: < 0.8.1
- (no CPE)range: < 1.27.1-150300.8.11.1
- (no CPE)range: < 1.27.1-150400.3.8.1
- (no CPE)range: < 1.23.0-1.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 1.0.1-3.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 1.1.1-2.1
- (no CPE)range: < 1.42-150300.9.3.1
- (no CPE)range: < 1.42-150300.9.3.1
- (no CPE)range: < 4.3.1-150400.4.11.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150400.4.11.1
- (no CPE)range: < 4.2.0-2.1
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.27.1-150300.8.11.1
- (no CPE)range: < 1.27.1-150400.3.8.1
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 1.25.1-150100.3.13.12
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150000.1.7.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.7.1-150100.3.8.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150000.1.7.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 0.8.6-150100.3.11.1
- (no CPE)range: < 1.42-150300.9.3.1
- (no CPE)range: < 1.42-150300.9.3.1
- (no CPE)range: < 1.42-150300.9.3.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150400.4.11.1
- (no CPE)range: < 4.3.1-150400.4.11.1
- (no CPE)range: < 4.3.1-150300.9.15.1
- (no CPE)range: < 4.3.1-150300.9.15.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-xjqr-g762-pxwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20206ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/containernetworking/cni/pull/808ghsaWEB
- pkg.go.dev/vuln/GO-2022-0230ghsaWEB
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.