Описание
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Ссылки
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
6 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
A flaw was found in crun where containers were incorrectly started wit ...
ELSA-2022-1793: container-tools:3.0 security and bug fix update (MODERATE)
EPSS
7.5 High
CVSS3
6 Medium
CVSS2