VYPR
Low severityNVD Advisory· Published Oct 4, 2021· Updated Aug 4, 2024

`docker cp` allows unexpected chmod of host files

CVE-2021-41089

Description

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/docker/dockerGo
< 20.10.920.10.9

Affected products

96

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.