HIGH🇬🇧 English

CVE-2024-25621

CVSS 7.3v3.1pub. 2025-11-06upd. 2025-12-31

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Linuxfoundation Containerd

    APP
    Linuxfoundation
    2.2.0< 1.7.292.0.0 – 2.0.7 (bez)2.1.0 – 2.1.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2026-53488CRITICAL9.4ten sam produkt

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...

CVE-2026-53492HIGH8.4ten sam produkt

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implement...

CVE-2026-46680HIGH7.3ten sam produkt

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, container...

CVE-2026-53489HIGH8.2ten sam produkt

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where t...

CVE-2025-47290HIGH7.6ten sam produkt

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containe...