CVE-2022-2990

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2121453
Exploit
Issue Tracking
Patch
Third Party Advisory
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2121453
Exploit
Issue Tracking
Patch
Third Party Advisory
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*

Версия до 1.27.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.001

Низкий

7.1 High

CVSS3

Дефекты

CWE-842

CWE-863

Связанные уязвимости

CVE-2022-2990

CVSS3: 7.1

ubuntu

почти 3 года назад

CVE-2022-2990

CVSS3: 7.1

redhat

почти 3 года назад

CVE-2022-2990

CVSS3: 7.1

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-2990

CVSS3: 7.1

debian

почти 3 года назад

An incorrect handling of the supplementary groups in the Buildah conta ...

SUSE-SU-2023:4099-1

suse-cvrf

больше 1 года назад

Security update for buildah

EPSS

Процентиль: 29%

0.001

Низкий

7.1 High

CVSS3

Дефекты

CWE-842

CWE-863