CVE-2024-25621 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2…
High CVSS: 7.3

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.
Vendor
Linuxfoundation
Product
Containerd
CWE
CWE-279
Yayın Tarihi
2025-11-06 19:15:40
Güncelleme
2025-12-31 02:29:30
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-279 Containerd HIGH Linuxfoundation 2025

Referanslar

https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w