CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

Published: May 27, 2021
Updated: Nov 8, 2023
CVE: CVE-2021-30465
GHSA: GHSA-c3xm-pvg7-gh7r
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.5
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
linuxfoundation / runc	1.0.0-rc7	1.0.0-rc7.x
linuxfoundation / runc	1.0.0-rc6	1.0.0-rc6.x
linuxfoundation / runc	1.0.0-rc5	1.0.0-rc5.x
linuxfoundation / runc	1.0.0-rc4	1.0.0-rc4.x
linuxfoundation / runc	1.0.0-rc3	1.0.0-rc3.x
linuxfoundation / runc	1.0.0-rc2	1.0.0-rc2.x
linuxfoundation / runc	1.0.0-rc1	1.0.0-rc1.x
linuxfoundation / runc	1.0.0-rc8	1.0.0-rc8.x
linuxfoundation / runc	1.0.0-rc9	1.0.0-rc9.x
linuxfoundation / runc	-	0.1.1.x
linuxfoundation / runc	1.0.0-rc94	1.0.0-rc94.x
linuxfoundation / runc	1.0.0-rc10	1.0.0-rc10.x
linuxfoundation / runc	1.0.0-rc90	1.0.0-rc90.x
linuxfoundation / runc	1.0.0-rc91	1.0.0-rc91.x
linuxfoundation / runc	1.0.0-rc92	1.0.0-rc92.x
linuxfoundation / runc	1.0.0-rc93	1.0.0-rc93.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
github.com/opencontainers/runc	-	1.0.0-rc95

Vulnerability Database

289,599

CVE-2021-30465