{ "threat_severity" : "Moderate", "public_date" : "2021-02-05T00:00:00Z", "bugzilla" : { "description" : "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "id" : "1919391", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, "cvss3" : { "cvss3_base_score" : "7.2", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-22", "details" : [ "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." ], "statement" : "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Moderate.\nThe fix for podman was released as a part of OpenShift 4.8 and is included in future releases.", "acknowledgement" : "This issue was discovered by Casey Callendrello (Red Hat).", "affected_release" : [ { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-04-05T00:00:00Z", "advisory" : "RHSA-2021:1005", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-docker-builder:v4.7.0-202103270130.p0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-04-05T00:00:00Z", "advisory" : "RHSA-2021:1007", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-05-19T00:00:00Z", "advisory" : "RHSA-2021:1552", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-sriov-infiniband-cni:v4.7.0-202104281843.p0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2022-02-16T00:00:00Z", "advisory" : "RHSA-2022:0492", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2022-05-02T00:00:00Z", "advisory" : "RHSA-2022:1660", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4-wincw/windows-machine-config-rhel8-operator:2.0.5-4" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-07-27T00:00:00Z", "advisory" : "RHSA-2021:2438", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-07-27T00:00:00Z", "advisory" : "RHSA-2021:2438", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-08-03T00:00:00Z", "advisory" : "RHSA-2021:3001", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4-wincw/windows-machine-config-rhel8-operator:3.0.0-16" } ], "package_state" : [ { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Affected", "package_name" : "servicemesh-cni", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "cni", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "container-tools:1.0/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "container-tools:1.0/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "container-tools:1.0/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "container-tools:2.0/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:2.0/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:2.0/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "container-tools:rhel8/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "atomic-openshift", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift-cluster-autoscaler", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "containernetworking-cni", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Out of support scope", "package_name" : "buildah", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/cnf-tests-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/file-integrity-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cluster-autoscaler-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-cluster-network-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-hyperkube", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-kube-proxy-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-multus-admission-controller", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-multus-cni", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-network-interface-bond-cni-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-ovn-kubernetes", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-sdn-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-sriov-dp-admission-controller", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-sriov-network-webhook", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Out of support scope", "package_name" : "openshift4/ose-tests", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-vertical-pod-autoscaler-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Not affected", "package_name" : "ocs4/cephcsi-rhel8", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Will not fix", "package_name" : "ocs4/ocs-must-gather-rhel8", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Will not fix", "package_name" : "ocs4/ocs-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Will not fix", "package_name" : "ocs4/rook-ceph-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Affected", "package_name" : "cnv-containernetworking-plugins-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "kubemacpool-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Affected", "package_name" : "ovs-cni-plugin-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-builder-rhel8", "cpe" : "cpe:/a:redhat:quay:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-20206\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20206" ], "name" : "CVE-2021-20206", "csaw" : false }