Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38883

HistoryJan 17, 2023 - 2:45 p.m.

Information Disclosure

2023-01-1714:45:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

lxc

vulnerability

local users

protected directories

sensitive information

EPSS

0

Percentile

5.1%

lxc is vulnerable to information disclosure. The vulnerability allows local users to infer whether any file exists, even within a protected directory tree, because Failed to open often indicates that a file does not exist, whereas does not refer to a network namespace path often indicates that a file exists which allows the attacker to gain access to sensitive user information.

References

bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45

github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274

github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104

github.com/MaherAzzouzi/CVE-2022-47952

lists.debian.org/debian-lts-announce/2023/08/msg00025.html

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

secdb.alpinelinux.org/v3.15/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

secdb.alpinelinux.org/v3.17/main.yaml

EPSS

0

Percentile

5.1%

Related for VERACODE:38883

redos1 openvas9 osv3 debian1 debiancve1 nessus9 nvd1 ubuntucve1 prion1 cve1 alpinelinux1 cvelist1