VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-cyue-ugaw-aaar

Essentials
Severities (121)
References (33)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-cyue-ugaw-aaar
Aliases	CVE-2021-41103 GHSA-c2h3-6mxw-7mvq
Summary	containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

System	Score	Found at
generic_textual	High	http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-41103.html
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5673
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2021-41103
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2011007
cvssv3.1	5.9	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
generic_textual	MODERATE	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
generic_textual	High	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://github.com/containerd/containerd
generic_textual	MODERATE	https://github.com/containerd/containerd
cvssv3.1	5.9	https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
cvssv3.1	5.9	https://github.com/containerd/containerd/releases/tag/v1.4.11
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.4.11
cvssv3.1	5.9	https://github.com/containerd/containerd/releases/tag/v1.5.7
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.5.7
cvssv3.1	5.9	https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
generic_textual	MODERATE	https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
cvssv2	7.2	https://nvd.nist.gov/vuln/detail/CVE-2021-41103
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2021-41103
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2021-41103
archlinux	Medium	https://security.archlinux.org/AVG-2439
generic_textual	High	https://ubuntu.com/security/notices/USN-5100-1
cvssv3.1	5.9	https://www.debian.org/security/2021/dsa-5002
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-5002

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-41103.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-41103
		https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/containerd/containerd
		https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
		https://github.com/containerd/containerd/releases/tag/v1.4.11
		https://github.com/containerd/containerd/releases/tag/v1.5.7
		https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
		https://ubuntu.com/security/notices/USN-5100-1
		https://www.debian.org/security/2021/dsa-5002
2011007		https://bugzilla.redhat.com/show_bug.cgi?id=2011007
AVG-2439		https://security.archlinux.org/AVG-2439
cpe:2.3:a:linuxfoundation:containerd::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2021-41103		https://nvd.nist.gov/vuln/detail/CVE-2021-41103
GLSA-202401-31		https://security.gentoo.org/glsa/202401-31
RHSA-2022:5673		https://access.redhat.com/errata/RHSA-2022:5673
RHSA-2022:6517		https://access.redhat.com/errata/RHSA-2022:6517
USN-5100-1		https://usn.ubuntu.com/5100-1/
USN-USN-5521-1		https://usn.ubuntu.com/USN-5521-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.4.11

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/releases/tag/v1.5.7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41103

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://www.debian.org/security/2021/dsa-5002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.15160
EPSS Score	0.00045
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.