VDB
RHSA-2022%3A6517
RHSA-2022%3A6517
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improper restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request containing "dot dot" sequences (/../) to view directory contents and execute programs.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 as a component of Red Hat OpenStack Platform 16.2 | *, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 |
| Red Hat | rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 | |
| Red Hat | rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 as a component of Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64, rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64, rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 |
| Red Hat | rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 as a component of Red Hat OpenStack Platform 16.2 | *, *, * |
| golang | Go | |
| Red Hat | rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 as a component of Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 |
Timeline
- Sep 14, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jun 19, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:6517 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2011007 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107342 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6517.json advisory
- https://access.redhat.com/security/cve/CVE-2021-41103 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-41103 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-41103 advisory
- https://access.redhat.com/security/cve/CVE-2022-30631 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-30631 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-30631 advisory
- https://go.dev/issue/53168 advisory
- https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE advisory