Bump containerd to v1.5.9 #613
Labels
Comments
jrussett
added a commit
that referenced
this issue
Jan 6, 2022
Addresses [CVE-2021-43816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43816) > On installations ... with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), > an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, > regular file on disk for complete read/write access (sans delete). [#180828310](https://www.pivotaltracker.com/story/show/180828310)
jrussett
added a commit
that referenced
this issue
Jan 6, 2022
Addresses [CVE-2021-43816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43816) > On installations ... with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), > an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, > regular file on disk for complete read/write access (sans delete). [#180828310](https://www.pivotaltracker.com/story/show/180828310)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Addresses CVE-2021-43816
On installations ... with
containerdsince v1.5.0-beta.0 as the backing container runtime interface (CRI),an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged,
regular file on disk for complete read/write access (sans delete).
Additional Info
The text was updated successfully, but these errors were encountered: