7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
35.0%
A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.
bugzilla.redhat.com/show_bug.cgi?id=2174485
github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
github.com/containerd/containerd/releases/tag/v1.5.18
github.com/containerd/containerd/releases/tag/v1.6.18
github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
nvd.nist.gov/vuln/detail/CVE-2023-25173
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
www.cve.org/CVERecord?id=CVE-2023-25173