CVE-2022-2989

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2121445
Exploit
Issue Tracking
Patch
Third Party Advisory
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2121445
Exploit
Issue Tracking
Patch
Third Party Advisory
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

7.1 High

CVSS3

Дефекты

CWE-842

CWE-863

Связанные уязвимости

CVE-2022-2989

CVSS3: 7.1

ubuntu

больше 3 лет назад

CVE-2022-2989

CVSS3: 3.6

redhat

больше 3 лет назад

CVE-2022-2989

CVSS3: 7.1

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-2989

CVSS3: 7.1

debian

больше 3 лет назад

An incorrect handling of the supplementary groups in the Podman contai ...

SUSE-SU-2022:3820-1

suse-cvrf

около 3 лет назад

Security update for podman

EPSS

Процентиль: 14%

0.00045

Низкий

7.1 High

CVSS3

Дефекты

CWE-842

CWE-863