Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/app-containers/containerd@1.6.14
Typeebuild
Namespaceapp-containers
Namecontainerd
Version1.6.14
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.6.19
Latest_non_vulnerable_version1.6.19
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1ucu-ewxj-xfhp
vulnerability_id VCID-1ucu-ewxj-xfhp
summary Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31030
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36746
published_at 2026-04-04T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36572
published_at 2026-04-21T12:55:00Z
2
value 0.00158
scoring_system epss
scoring_elements 0.36631
published_at 2026-04-18T12:55:00Z
3
value 0.00158
scoring_system epss
scoring_elements 0.36649
published_at 2026-04-16T12:55:00Z
4
value 0.00158
scoring_system epss
scoring_elements 0.36603
published_at 2026-04-13T12:55:00Z
5
value 0.00158
scoring_system epss
scoring_elements 0.36628
published_at 2026-04-12T12:55:00Z
6
value 0.00158
scoring_system epss
scoring_elements 0.36663
published_at 2026-04-11T12:55:00Z
7
value 0.00158
scoring_system epss
scoring_elements 0.36654
published_at 2026-04-09T12:55:00Z
8
value 0.00158
scoring_system epss
scoring_elements 0.36637
published_at 2026-04-08T12:55:00Z
9
value 0.00158
scoring_system epss
scoring_elements 0.36584
published_at 2026-04-07T12:55:00Z
10
value 0.00158
scoring_system epss
scoring_elements 0.36715
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31030
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030
3
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
4
reference_url https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382
5
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31030
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31030
11
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-31
12
reference_url https://www.debian.org/security/2022/dsa-5162
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5162
13
reference_url http://www.openwall.com/lists/oss-security/2022/06/07/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/07/1
14
reference_url https://security.archlinux.org/AVG-2755
reference_id AVG-2755
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2755
15
reference_url https://usn.ubuntu.com/5776-1/
reference_id USN-5776-1
reference_type
scores
url https://usn.ubuntu.com/5776-1/
16
reference_url https://usn.ubuntu.com/USN-5521-1/
reference_id USN-USN-5521-1
reference_type
scores
url https://usn.ubuntu.com/USN-5521-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2022-31030, GHSA-5ffw-gxpp-mxpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ucu-ewxj-xfhp
1
url VCID-4qfu-ng4n-jbfx
vulnerability_id VCID-4qfu-ng4n-jbfx
summary Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32760
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21711
published_at 2026-04-07T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21731
published_at 2026-04-21T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21765
published_at 2026-04-18T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21759
published_at 2026-04-16T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21817
published_at 2026-04-12T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21857
published_at 2026-04-11T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21727
published_at 2026-04-01T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21845
published_at 2026-04-09T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21892
published_at 2026-04-02T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21789
published_at 2026-04-08T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21945
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32760
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
5
reference_url https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
6
reference_url https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.8
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/
url https://github.com/containerd/containerd/releases/tag/v1.4.8
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.4
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/
url https://github.com/containerd/containerd/releases/tag/v1.5.4
9
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/
url https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32760
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32760
13
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/
url https://security.gentoo.org/glsa/202401-31
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1982681
reference_id 1982681
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1982681
15
reference_url https://security.archlinux.org/ASA-202107-70
reference_id ASA-202107-70
reference_type
scores
url https://security.archlinux.org/ASA-202107-70
16
reference_url https://security.archlinux.org/AVG-2174
reference_id AVG-2174
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2174
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
reference_id DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
18
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
19
reference_url https://access.redhat.com/errata/RHSA-2023:5952
reference_id RHSA-2023:5952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5952
20
reference_url https://usn.ubuntu.com/5012-1/
reference_id USN-5012-1
reference_type
scores
url https://usn.ubuntu.com/5012-1/
21
reference_url https://usn.ubuntu.com/USN-5521-1/
reference_id USN-USN-5521-1
reference_type
scores
url https://usn.ubuntu.com/USN-5521-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2021-32760, GHSA-c72p-9xmj-rx3w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfu-ng4n-jbfx
2
url VCID-9qpc-77v8-13hw
vulnerability_id VCID-9qpc-77v8-13hw
summary 
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
### Impact

A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`.  Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set.  Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set.  Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.

This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set.


### Patches

This bug has been fixed in Moby (Docker Engine) 20.10.14.  Users should update to this version as soon as possible.  Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset.

This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment.  Refer to `capabilities(7)` for a description of how capabilities work.  Note that permitted file capabilities continue to allow for privileges to be raised up to the container's bounding set and that processes may add capabilities to their own inheritable set up to the container's bounding set per the rules described in the manual page.  In all cases the container's bounding set provides an upper bound on the capabilities that can be assumed and provides for the container security sandbox.

### Workarounds

The entrypoint of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.

### Credits

The Moby project would like to thank [Andrew G. Morgan](https://github.com/AndrewGMorgan) for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

### For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at [security@docker.com](mailto:security@docker.com) if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24769
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26709
published_at 2026-04-21T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26746
published_at 2026-04-18T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26774
published_at 2026-04-16T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.2675
published_at 2026-04-07T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.26869
published_at 2026-04-11T12:55:00Z
5
value 0.00097
scoring_system epss
scoring_elements 0.26866
published_at 2026-04-09T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26819
published_at 2026-04-08T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26767
published_at 2026-04-13T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26825
published_at 2026-04-12T12:55:00Z
9
value 0.00111
scoring_system epss
scoring_elements 0.29566
published_at 2026-04-02T12:55:00Z
10
value 0.00111
scoring_system epss
scoring_elements 0.29614
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24769
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f
7
reference_url https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1
8
reference_url https://github.com/moby/moby/releases/tag/v20.10.14
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.14
9
reference_url https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24769
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24769
23
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-31
24
reference_url https://www.debian.org/security/2022/dsa-5162
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5162
25
reference_url http://www.openwall.com/lists/oss-security/2022/05/12/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/12/1
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2066837
reference_id 2066837
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2066837
27
reference_url https://access.redhat.com/errata/RHSA-2022:1357
reference_id RHSA-2022:1357
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1357
28
reference_url https://access.redhat.com/errata/RHSA-2022:1363
reference_id RHSA-2022:1363
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1363
29
reference_url https://access.redhat.com/errata/RHSA-2022:1370
reference_id RHSA-2022:1370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1370
30
reference_url https://access.redhat.com/errata/RHSA-2022:1622
reference_id RHSA-2022:1622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1622
31
reference_url https://access.redhat.com/errata/RHSA-2022:1699
reference_id RHSA-2022:1699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1699
32
reference_url https://access.redhat.com/errata/RHSA-2022:2265
reference_id RHSA-2022:2265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2265
33
reference_url https://usn.ubuntu.com/5776-1/
reference_id USN-5776-1
reference_type
scores
url https://usn.ubuntu.com/5776-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2022-24769, GHSA-2mm7-x5h6-5pvq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpc-77v8-13hw
3
url VCID-kuwr-ugf2-rke4
vulnerability_id VCID-kuwr-ugf2-rke4
summary 
Insufficiently restricted permissions on plugin directories
### Impact
A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

### Patches
This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability.

### Workarounds
Limit access to the host to trusted users. Update directory permission on container bundles directories. 

### For more information
If you have any questions or comments about this advisory: 
* Open an issue in [github.com/containerd/containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41103
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24592
published_at 2026-04-21T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24614
published_at 2026-04-18T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24689
published_at 2026-04-01T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24624
published_at 2026-04-16T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24611
published_at 2026-04-13T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24668
published_at 2026-04-12T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.24709
published_at 2026-04-11T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24695
published_at 2026-04-09T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24648
published_at 2026-04-08T12:55:00Z
9
value 0.00085
scoring_system epss
scoring_elements 0.24579
published_at 2026-04-07T12:55:00Z
10
value 0.00085
scoring_system epss
scoring_elements 0.24805
published_at 2026-04-04T12:55:00Z
11
value 0.00085
scoring_system epss
scoring_elements 0.24766
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41103
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
6
reference_url https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.11
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.4.11
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.5.7
9
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41103
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41103
15
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-31
16
reference_url https://www.debian.org/security/2021/dsa-5002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5002
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2011007
reference_id 2011007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2011007
18
reference_url https://security.archlinux.org/AVG-2439
reference_id AVG-2439
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2439
19
reference_url https://access.redhat.com/errata/RHSA-2022:5673
reference_id RHSA-2022:5673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5673
20
reference_url https://access.redhat.com/errata/RHSA-2022:6517
reference_id RHSA-2022:6517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6517
21
reference_url https://usn.ubuntu.com/5100-1/
reference_id USN-5100-1
reference_type
scores
url https://usn.ubuntu.com/5100-1/
22
reference_url https://usn.ubuntu.com/USN-5521-1/
reference_id USN-USN-5521-1
reference_type
scores
url https://usn.ubuntu.com/USN-5521-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2021-41103, GHSA-c2h3-6mxw-7mvq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwr-ugf2-rke4
4
url VCID-tc5s-4nx2-y7d9
vulnerability_id VCID-tc5s-4nx2-y7d9
summary Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23471
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47797
published_at 2026-04-09T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47746
published_at 2026-04-07T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47854
published_at 2026-04-18T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47861
published_at 2026-04-16T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47807
published_at 2026-04-21T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.47821
published_at 2026-04-11T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47778
published_at 2026-04-02T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47798
published_at 2026-04-12T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47801
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23471
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
4
reference_url https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295
5
reference_url https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/
url https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
6
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.16
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.5.16
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.6.12
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.6.12
8
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/
url https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23471
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23471
10
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/
url https://security.gentoo.org/glsa/202401-31
11
reference_url https://usn.ubuntu.com/5776-1/
reference_id USN-5776-1
reference_type
scores
url https://usn.ubuntu.com/5776-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2022-23471, GHSA-2qjp-425j-52j9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc5s-4nx2-y7d9
5
url VCID-zedh-ff93-yka4
vulnerability_id VCID-zedh-ff93-yka4
summary Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23648
reference_id
reference_type
scores
0
value 0.05848
scoring_system epss
scoring_elements 0.90564
published_at 2026-04-21T12:55:00Z
1
value 0.06156
scoring_system epss
scoring_elements 0.90829
published_at 2026-04-13T12:55:00Z
2
value 0.06156
scoring_system epss
scoring_elements 0.90831
published_at 2026-04-12T12:55:00Z
3
value 0.06156
scoring_system epss
scoring_elements 0.9083
published_at 2026-04-11T12:55:00Z
4
value 0.06156
scoring_system epss
scoring_elements 0.90846
published_at 2026-04-18T12:55:00Z
5
value 0.06156
scoring_system epss
scoring_elements 0.90815
published_at 2026-04-08T12:55:00Z
6
value 0.06156
scoring_system epss
scoring_elements 0.90804
published_at 2026-04-07T12:55:00Z
7
value 0.06156
scoring_system epss
scoring_elements 0.90793
published_at 2026-04-04T12:55:00Z
8
value 0.06156
scoring_system epss
scoring_elements 0.90822
published_at 2026-04-09T12:55:00Z
9
value 0.06156
scoring_system epss
scoring_elements 0.90848
published_at 2026-04-16T12:55:00Z
10
value 0.0813
scoring_system epss
scoring_elements 0.92141
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23648
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
6
reference_url https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.4.13
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.5.10
9
reference_url https://github.com/containerd/containerd/releases/tag/v1.6.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.6.1
10
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23648
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23648
18
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-31
19
reference_url https://www.debian.org/security/2022/dsa-5091
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5091
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2060029
reference_id 2060029
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2060029
21
reference_url https://security.archlinux.org/AVG-2725
reference_id AVG-2725
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2725
22
reference_url https://usn.ubuntu.com/5311-1/
reference_id USN-5311-1
reference_type
scores
url https://usn.ubuntu.com/5311-1/
23
reference_url https://usn.ubuntu.com/5311-2/
reference_id USN-5311-2
reference_type
scores
url https://usn.ubuntu.com/5311-2/
24
reference_url https://usn.ubuntu.com/USN-5521-1/
reference_id USN-USN-5521-1
reference_type
scores
url https://usn.ubuntu.com/USN-5521-1/
fixed_packages
0
url pkg:ebuild/app-containers/containerd@1.6.14
purl pkg:ebuild/app-containers/containerd@1.6.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14
aliases CVE-2022-23648, GHSA-crp2-qrr5-8pq7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zedh-ff93-yka4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.14