ID

VAR-202106-1169


CVE

CVE-2021-33183


TITLE

Synology Docker Path Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007584

DESCRIPTION

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. Synology Docker contains a path traversal vulnerability. Information may be obtained and information may be tampered with. Docker is an open source application container engine developed by the American company Docker. This product supports the creation of a container (lightweight virtual machine) on a Linux system and the deployment and operation of applications, as well as the automatic installation, deployment and upgrade of applications through configuration files.

Trust: 1.71

sources: NVD: CVE-2021-33183 // JVNDB: JVNDB-2021-007584 // VULHUB: VHN-393197

AFFECTED PRODUCTS

vendor: synology, model: docker, scope: lt, version: 18.09.0-0515

Trust: 1.0

vendor: synology, model: docker, scope: eq, version: 18.09.0-0515

Trust: 0.8

vendor: synology, model: docker, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007584 // NVD: CVE-2021-33183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33183
value: HIGH

Trust: 1.0

security@synology.com: CVE-2021-33183
value: HIGH

Trust: 1.0

NVD: CVE-2021-33183
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202106-078
value: HIGH

Trust: 0.6

VULHUB: VHN-393197
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-33183
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-393197
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-33183
baseSeverity: HIGH
baseScore: 7.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 5.8
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-007584
baseSeverity: HIGH
baseScore: 7.9
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-393197 // JVNDB: JVNDB-2021-007584 // CNNVD: CNNVD-202106-078 // NVD: CVE-2021-33183 // NVD: CVE-2021-33183

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [Other]

Trust: 0.8

sources: VULHUB: VHN-393197 // JVNDB: JVNDB-2021-007584 // NVD: CVE-2021-33183

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-078

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202106-078

PATCH

title: Synology-SA-21, url: https://www.synology.com/security/advisory/Synology_SA_21_08

Trust: 0.8

title: Docker Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152516

Trust: 0.6

sources: JVNDB: JVNDB-2021-007584 // CNNVD: CNNVD-202106-078

EXTERNAL IDS

db: NVD, id: CVE-2021-33183

Trust: 3.3

db: JVNDB, id: JVNDB-2021-007584

Trust: 0.8

db: CNNVD, id: CNNVD-202106-078

Trust: 0.7

db: VULHUB, id: VHN-393197

Trust: 0.1

sources: VULHUB: VHN-393197 // JVNDB: JVNDB-2021-007584 // CNNVD: CNNVD-202106-078 // NVD: CVE-2021-33183

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_21_08

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-33183

Trust: 1.4

sources: VULHUB: VHN-393197 // JVNDB: JVNDB-2021-007584 // CNNVD: CNNVD-202106-078 // NVD: CVE-2021-33183

SOURCES

db: VULHUB, id: VHN-393197
db: JVNDB, id: JVNDB-2021-007584
db: CNNVD, id: CNNVD-202106-078
db: NVD, id: CVE-2021-33183

LAST UPDATE DATE

2024-08-14T14:03:08.834000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-393197, date: 2021-06-10T00:00:00
db: JVNDB, id: JVNDB-2021-007584, date: 2022-02-17T06:42:00
db: CNNVD, id: CNNVD-202106-078, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-33183, date: 2021-06-10T15:53:51.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-393197, date: 2021-06-01T00:00:00
db: JVNDB, id: JVNDB-2021-007584, date: 2022-02-17T00:00:00
db: CNNVD, id: CNNVD-202106-078, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-33183, date: 2021-06-01T14:15:10.183