CVE-2021-33638 - Vulnerability Details - OpenCVE

Description

When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.

Published: 2023-10-29

Score: 8.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

openEuler

iSulad

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2

Configuration 1 [-]

OR	cpe:2.3:a:openeuler:isula:2.0.8-20210518.144540:::::::*
	cpe:2.3:a:openeuler:isula:2.0.18-10:::::::*
	cpe:2.3:a:openeuler:isula:2.1.2:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-20315	When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://gitee.com/src-openeuler/iSulad/pulls/600/files
https://gitee.com/src-openeuler/iSulad/pulls/627/files
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686

History

No history.

Subscriptions

Openeuler Isula

MITRE

Status: PUBLISHED

Assigner: openEuler

Published: 2023-10-29T07:59:45.026Z

Updated: 2024-09-09T14:09:44.635Z

Reserved: 2021-05-28T14:26:05.943Z

Link: CVE-2021-33638

Vulnrichment

Updated: 2024-08-03T23:58:22.075Z

NVD

Status : Modified

Published: 2023-10-29T08:15:20.823

Modified: 2024-11-21T06:09:15.173

Link: CVE-2021-33638

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-33638", "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "state": "PUBLISHED", "assignerShortName": "openEuler", "dateReserved": "2021-05-28T14:26:05.943Z", "datePublished": "2023-10-29T07:59:45.026Z", "dateUpdated": "2024-09-09T14:09:44.635Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://gitee.com/src-openeuler", "defaultStatus": "unaffected", "modules": ["image"], "packageName": "iSulad", "platforms": ["Linux"], "product": "iSulad", "programFiles": ["https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"], "repo": "https://gitee.com/src-openeuler/iSulad", "vendor": "openEuler", "versions": [{"changes": [{"at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch", "status": "unaffected"}, {"at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch", "status": "unaffected"}], "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2", "status": "affected", "version": "0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "panwenjie2@huawei.com"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"}], "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"}], "impacts": [{"capecId": "CAPEC-480", "descriptions": [{"lang": "en", "value": "CAPEC-480 Escaping Virtualization"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler", "dateUpdated": "2023-10-29T07:59:45.026Z"}, "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"}], "source": {"discovery": "UNKNOWN"}, "title": "Run copy with container in a malicious directory may cause container escaping", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:22.075Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T14:09:31.917709Z", "id": "CVE-2021-33638", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T14:09:44.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:22.075Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-33638", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T14:09:31.917709Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T14:09:38.715Z"}}], "cna": {"title": "Run copy with container in a malicious directory may cause container escaping", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "panwenjie2@huawei.com"}], "impacts": [{"capecId": "CAPEC-480", "descriptions": [{"lang": "en", "value": "CAPEC-480 Escaping Virtualization"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitee.com/src-openeuler/iSulad", "vendor": "openEuler", "modules": ["image"], "product": "iSulad", "versions": [{"status": "affected", "changes": [{"at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch", "status": "unaffected"}, {"at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch", "status": "unaffected"}], "version": "0", "versionType": "patch", "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2"}], "platforms": ["Linux"], "packageName": "iSulad", "programFiles": ["https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"], "collectionURL": "https://gitee.com/src-openeuler", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-665", "description": "CWE-665 Improper Initialization"}]}], "providerMetadata": {"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler", "dateUpdated": "2023-10-29T07:59:45.026Z"}}}, "cveMetadata": {"cveId": "CVE-2021-33638", "state": "PUBLISHED", "dateUpdated": "2024-09-09T14:09:44.635Z", "dateReserved": "2021-05-28T14:26:05.943Z", "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "datePublished": "2023-10-29T07:59:45.026Z", "assignerShortName": "openEuler"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openeuler:isula:2.0.8-20210518.144540:*:*:*:*:*:*:*", "matchCriteriaId": "51FA2EC1-A161-4862-A120-CD48ABF49BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openeuler:isula:2.0.18-10:*:*:*:*:*:*:*", "matchCriteriaId": "8848DE4D-ADA9-4E92-9FB9-DB53D3733173", "vulnerable": true}, {"criteria": "cpe:2.3:a:openeuler:isula:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3205F81-7008-467C-A79A-BBD521231D48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"}, {"lang": "es", "value": "Cuando el comando isula cp se usa para copiar archivos de un contenedor a una m\u00e1quina host y el contenedor est\u00e1 controlado por un atacante, el atacante puede escapar del contenedor."}], "id": "CVE-2021-33638", "lastModified": "2024-11-21T06:09:15.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "securities@openeuler.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-29T08:15:20.823", "references": [{"source": "securities@openeuler.org", "tags": ["Patch"], "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"}, {"source": "securities@openeuler.org", "tags": ["Patch"], "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"}, {"source": "securities@openeuler.org", "tags": ["Vendor Advisory"], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"}], "sourceIdentifier": "securities@openeuler.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "securities@openeuler.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}