Tool Description: Summary: Insufficiently restricted permissions on plugin directories.
Description:
### Impact
A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.
### Patches
This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability.
### Workarounds
Limit access to the host to trusted users. Update directory permissions on container bundle directories.
### For more information
If you have any questions or comments about this advisory:
Due Date: 2022-09-29
A medium severity vulnerability has been discovered in your project.
Project Name: test
Scanner Name: dependabot
Cwe ID: 22
Cwe Name: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Cwe Link: https://cwe.mitre.org/data/definitions/22.html
File: go.sum
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/pathtraversal/go/vanilla
Videos:
Name: External Control of File Name or Path
Description: The software allows user input to control or influence paths or file names that are used in filesystem operations.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/lfi/go/vanilla
Videos:
Name: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection
Videos:
Name: Improper Control of Resource Identifiers ('Resource Injection')
Description: The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/resource/go/vanilla
Videos:
Name: Relative Path Traversal
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/pathtraversal/go/vanilla
Videos:
Name: Improper Link Resolution Before File Access ('Link Following')
Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/access
Videos:
Kondukto Link: http://80.kondukto.local/projects/6331ad74ef14f4953e572991/vulns/appsec?page=1&perPage=15&id=in:6335bbc283ca0b2957d5870c