Synology-SA-21:08 Docker
Publish Time: 2021-02-23 11:18:06 UTC+8
Last Updated: 2021-06-13 11:21:28 UTC+8
- Severity
- Low
- Status
- Resolved
Abstract
A vulnerability allows local users to read or write arbitrary files via a susceptible version of Docker.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Docker | Low | Upgrade to 18.09.0-0515 or above. |
Mitigation
None
Detail
- CVE-2021-33183
- Severity: Low
- CVSS3 Base Score: 7.9
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Acknowledgement
Bing-Jhong Jheng
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2021-02-23 | Initial public release. |
| 2 | 2021-06-10 | Disclosed vulnerability details. |