CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile: 48.7%
software: buildah 1.30.0
AXIS: ROSA-CHROME
package_evr_string: buildah-1.30.0-2.src.rpm
CVE-ID: CVE-2022-27651
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A flaw in Buildah caused containers to be started incorrectly with non-empty default permissions. A bug was discovered in Moby (Docker Engine) that caused containers to be started incorrectly with non-empty inheritable Linux process capabilities, allowing an attacker with access to programs that have inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This could impact confidentiality and integrity.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update buildah
CVE-ID: CVE-2022-2990
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Improper handling of supplementary groups in the Buildah container engine could result in the disclosure of sensitive information or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set permissions, and can execute binary code in that container.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the command: sudo dnf update buildah