Seems like there is a more localized page available for your location.
Synology Bee 系列
群晖套件导览

Synology-SA-21:08 Docker

Publish Time: 2021-02-23 11:18:06 UTC+8

Last Updated: 2021-06-13 11:21:28 UTC+8

Severity
Low
Status
Resolved

Abstract

A vulnerability allows local users to read or write arbitrary files via a susceptible version of Docker.

Affected Products

Product Severity Fixed Release Availability
Docker Low Upgrade to 18.09.0-0515 or above.

Mitigation

None

Detail

  • CVE-2021-33183
    • Severity: Low
    • CVSS3 Base Score: 7.9
    • CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
    • Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.

Acknowledgement

Bing-Jhong Jheng

Revision

Revision Date Description
1 2021-02-23 Initial public release.
2 2021-06-10 Disclosed vulnerability details.