Ubuntu.comUB:CVE-2022-27649CVE-2022-27649
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%
A flaw was found in Podman, where containers were started incorrectly with
non-empty default permissions. A vulnerability was found in Moby (Docker
Engine), where containers were started incorrectly with non-empty
inheritable Linux process capabilities. This flaw allows an attacker with
access to programs with inheritable file capabilities to elevate those
capabilities to the permitted set when execve(2) runs.
References
bugzilla.redhat.com/show_bug.cgi?id=2066568
github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13 (v4.0.3)
github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main)
github.com/containers/podman/releases/tag/v4.0.3
github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
launchpad.net/bugs/cve/CVE-2022-27649
nvd.nist.gov/vuln/detail/CVE-2022-27649
security-tracker.debian.org/tracker/CVE-2022-27649
www.cve.org/CVERecord?id=CVE-2022-27649
Related
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%