7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
56.3%
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/containers/podman/v4 | lt | 4.2.0 | |
github.com/containers/podman/v3 | lt | 3.0.1 |
access.redhat.com/errata/RHSA-2022:7822
access.redhat.com/errata/RHSA-2022:8008
access.redhat.com/errata/RHSA-2022:8431
access.redhat.com/security/cve/CVE-2022-2989
bugzilla.redhat.com/show_bug.cgi?id=2121445
github.com/containers/podman
github.com/containers/podman/pull/15618
github.com/containers/podman/pull/15677
github.com/containers/podman/pull/15696
nvd.nist.gov/vuln/detail/CVE-2022-2989
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation