CVE-2021-41089
2.8 LOW
Moby is an open-source project created by Docker to enable software containerization
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 2.8 LOW
- Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
- CWE: CWE-281
Affected products
| Vendor | Product |
|---|---|
| fedoraproject | fedora, moby |
| mobyproject | fedora, moby |
Description
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41089
- [Other] https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- [Patch] https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
- [Other] https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/