CVE-2022-27652

Опубликовано: 18 апр. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 4.6

EPSS Низкий

Описание

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2066839
Issue Tracking
Third Party Advisory
https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6
Mitigation
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2066839
Issue Tracking
Third Party Advisory
https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*

Версия до 20.10.14 (исключая)

Конфигурация 4

Одно из

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00021

Низкий

5.3 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

CVE-2022-27652

CVSS3: 5.3

ubuntu

почти 4 года назад

CVE-2022-27652

CVSS3: 4.8

redhat

почти 4 года назад

CVE-2022-27652

CVSS3: 5.3

debian

почти 4 года назад

A flaw was found in cri-o, where containers were incorrectly started w ...

GHSA-4hj2-r2pm-3hc6

CVSS3: 4.8

github

почти 4 года назад

Incorrect Default Permissions in CRI-O

EPSS

Процентиль: 5%

0.00021

Низкий

5.3 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276