CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-41089.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

21 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
### [CVE-2021-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089)
![](https://img.shields.io/static/v1?label=Product&message=moby&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2020.10.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-281%3A%20Improper%20Preservation%20of%20Permissions&color=brightgreen)
### Description
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/8-cm/kube-dump
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ssst0n3/my_vulnerabilities
- https://github.com/ssst0n3/ssst0n3
Reference in New Issue View Git Blame Copy Permalink