VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4n2v-fp9e-aaam

Essentials
Severities (121)
References (27)
Severity details (35)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-4n2v-fp9e-aaam
Aliases	CVE-2021-32760 GHSA-c72p-9xmj-rx3w
Summary	containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-732	Incorrect Permission Assignment for Critical Resource
CWE-281	Improper Preservation of Permissions
CWE-668	Exposure of Resource to Wrong Sphere

System	Score	Found at
generic_textual	High	http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32760.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:2183
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
epss	0.00581	https://api.first.org/data/v1/epss?cve=CVE-2021-32760
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1982681
generic_textual	High	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
cvssv3.1	3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://github.com/containerd/containerd
generic_textual	MODERATE	https://github.com/containerd/containerd
cvssv3.1	5.0	https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
cvssv3.1	5.0	https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
cvssv3.1	5	https://github.com/containerd/containerd/releases/tag/v1.4.8
cvssv3.1	5.0	https://github.com/containerd/containerd/releases/tag/v1.4.8
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.4.8
ssvc	Track	https://github.com/containerd/containerd/releases/tag/v1.4.8
cvssv3.1	5	https://github.com/containerd/containerd/releases/tag/v1.5.4
cvssv3.1	5.0	https://github.com/containerd/containerd/releases/tag/v1.5.4
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.5.4
ssvc	Track	https://github.com/containerd/containerd/releases/tag/v1.5.4
cvssv3.1	5	https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
cvssv3.1	5.0	https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
generic_textual	MODERATE	https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
ssvc	Track	https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
cvssv3.1	5.0	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
cvssv3.1	5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
cvssv3.1	5.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2021-32760
cvssv3	6.3	https://nvd.nist.gov/vuln/detail/CVE-2021-32760
cvssv3.1	6.3	https://nvd.nist.gov/vuln/detail/CVE-2021-32760
archlinux	Medium	https://security.archlinux.org/AVG-2174
cvssv3.1	5	https://security.gentoo.org/glsa/202401-31
ssvc	Track	https://security.gentoo.org/glsa/202401-31
generic_textual	High	https://ubuntu.com/security/notices/USN-5012-1

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32760.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-32760
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/containerd/containerd
		https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
		https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
		https://github.com/containerd/containerd/releases/tag/v1.4.8
		https://github.com/containerd/containerd/releases/tag/v1.5.4
		https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
		https://ubuntu.com/security/notices/USN-5012-1
1982681		https://bugzilla.redhat.com/show_bug.cgi?id=1982681
ASA-202107-70		https://security.archlinux.org/ASA-202107-70
AVG-2174		https://security.archlinux.org/AVG-2174
cpe:2.3:a:linuxfoundation:containerd::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd::::::::
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
CVE-2021-32760		https://nvd.nist.gov/vuln/detail/CVE-2021-32760
GLSA-202401-31		https://security.gentoo.org/glsa/202401-31
RHSA-2022:2183		https://access.redhat.com/errata/RHSA-2022:2183
RHSA-2023:5952		https://access.redhat.com/errata/RHSA-2023:5952
USN-5012-1		https://usn.ubuntu.com/5012-1/
USN-USN-5521-1		https://usn.ubuntu.com/USN-5521-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.4.8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.4.8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/ Found at https://github.com/containerd/containerd/releases/tag/v1.4.8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.5.4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.5.4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/ Found at https://github.com/containerd/containerd/releases/tag/v1.5.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/ Found at https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-32760

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-32760

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-32760

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://security.gentoo.org/glsa/202401-31

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/ Found at https://security.gentoo.org/glsa/202401-31

Exploit Prediction Scoring System (EPSS)

Percentile	0.30925
EPSS Score	0.00141
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.