An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0326-1 advisory.

  - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including     from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by     default and do not require authentication. This issue affects Podman 1.8.0 onwards. (CVE-2021-20199)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

  - A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual     machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is     accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an     attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making     private services on the VM accessible to the network. This issue could be also used to interrupt the     host's services by forwarding all ports to the VM. (CVE-2021-4024)

  - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution     of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone     was used to determine the type of document during push and pull operations. Documents that contain both     manifests and layers fields could be interpreted as either a manifest or an index in the absence of an     accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a     client may interpret the resulting content differently. The OCI Distribution Specification has been     updated to require that a mediaType value present in a manifest or index match the Content-Type header     used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type     header and reject an ambiguous document that contains both manifests and layers fields or manifests     and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)

  - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
    A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-     empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27649)

  - An incorrect handling of the supplementary groups in the Podman container engine might lead to the     sensitive information disclosure or possible data modification if an attacker has direct access to the     affected container where supplementary groups are used to set access permissions and is able to execute a     binary code in that container. (CVE-2022-2989)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory.

  - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including     from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by     default and do not require authentication. This issue affects Podman 1.8.0 onwards. (CVE-2021-20199)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

  - A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual     machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is     accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an     attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making     private services on the VM accessible to the network. This issue could be also used to interrupt the     host's services by forwarding all ports to the VM. (CVE-2021-4024)

  - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution     of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone     was used to determine the type of document during push and pull operations. Documents that contain both     manifests and layers fields could be interpreted as either a manifest or an index in the absence of an     accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a     client may interpret the resulting content differently. The OCI Distribution Specification has been     updated to require that a mediaType value present in a manifest or index match the Content-Type header     used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type     header and reject an ambiguous document that contains both manifests and layers fields or manifests     and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)

  - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
    A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-     empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27649)

  - An incorrect handling of the supplementary groups in the Podman container engine might lead to the     sensitive information disclosure or possible data modification if an attacker has direct access to the     affected container where supplementary groups are used to set access permissions and is able to execute a     binary code in that container. (CVE-2022-2989)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4592-1 advisory.

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4593-1 advisory.

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4150-1 advisory.

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4151-1 advisory.

  - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows     malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious     container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other     containers, to redirect traffic to the malicious container. (CVE-2020-10749)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3766-1 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

  - An incorrect handling of the supplementary groups in the Buildah container engine might lead to the     sensitive information disclosure or possible data modification if an attacker has direct access to the     affected container where supplementary groups are used to set access permissions and is able to execute a     binary code in that container. (CVE-2022-2990)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3655-1 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

  - An incorrect handling of the supplementary groups in the Buildah container engine might lead to the     sensitive information disclosure or possible data modification if an attacker has direct access to the     affected container where supplementary groups are used to set access permissions and is able to execute a     binary code in that container. (CVE-2022-2990)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3480-1 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

  - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
    A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty     inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file     capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the     potential to impact confidentiality and integrity. (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0770-1 advisory.

  - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise     Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the     container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack     and steal login credentials or bearer tokens. (CVE-2019-10214)

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0770-1 advisory.

  - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise     Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the     container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack     and steal login credentials or bearer tokens. (CVE-2019-10214)

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-fb466fb623 advisory.

  - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1.
    When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use     special elements such as ../ separators to reference binaries elsewhere on the system. This flaw allows     an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The     highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    (CVE-2021-20206)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
171408	SUSE SLES15 Security Update : podman (SUSE-SU-2023:0326-1)	Nessus	SuSE Local Security Checks	high
170750	SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)	Nessus	SuSE Local Security Checks	high
168958	SUSE SLES15 Security Update : cni (SUSE-SU-2022:4592-1)	Nessus	SuSE Local Security Checks	high
168954	SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4593-1)	Nessus	SuSE Local Security Checks	high
168126	SUSE SLES15 Security Update : cni (SUSE-SU-2022:4150-1)	Nessus	SuSE Local Security Checks	high
168081	SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4151-1)	Nessus	SuSE Local Security Checks	high
166586	SUSE SLED15 / SLES15 Security Update : buildah (SUSE-SU-2022:3766-1)	Nessus	SuSE Local Security Checks	high
166296	SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3655-1)	Nessus	SuSE Local Security Checks	high
165613	SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3480-1)	Nessus	SuSE Local Security Checks	high
159162	SUSE SLES15 Security Update : buildah (SUSE-SU-2022:0770-1)	Nessus	SuSE Local Security Checks	high
158778	openSUSE 15 Security Update : buildah (openSUSE-SU-2022:0770-1)	Nessus	SuSE Local Security Checks	high
146906	Fedora 33 : 1:skopeo / 2:podman / 4:containers-common / buildah / containernetworking-plugins (2021-fb466fb623)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2021-20206

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high