CVE-2024-25621

EPSS 0.01%
Veröffentlicht 06.11.2025 18:36:21
Zuletzt bearbeitet 31.12.2025 02:29:30
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linuxfoundation ≫ Containerd Version < 1.7.29

Linuxfoundation ≫ Containerd Version >= 2.0.0 < 2.0.7

Linuxfoundation ≫ Containerd Version >= 2.1.0 < 2.1.5

Linuxfoundation ≫ Containerd Version2.2.0 Updatebeta0

Linuxfoundation ≫ Containerd Version2.2.0 Updatebeta1

Linuxfoundation ≫ Containerd Version2.2.0 Updatebeta2

Linuxfoundation ≫ Containerd Version2.2.0 Updaterc0

Linuxfoundation ≫ Containerd Version2.2.0 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-279 Incorrect Execution-Assigned Permissions

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w

Patch

Vendor Advisory

https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5

Patch

https://github.com/containerd/containerd/blob/main/docs/rootless.md

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-25621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25621

EUVD