CVE-2022-42150

Опубликовано: 19 окт. 2023

Источник: nvd

CVSS3: 10

EPSS Низкий

Описание

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Ссылки

https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
Exploit
Third Party Advisory
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
Patch
https://github.com/tinyclub/linux-lab/issues/14
Issue Tracking
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
https://www.usenix.org/conference/usenixsecurity23/presentation/he
Exploit
Third Party Advisory
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
Exploit
Third Party Advisory
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
Patch
https://github.com/tinyclub/linux-lab/issues/14
Issue Tracking
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
https://www.usenix.org/conference/usenixsecurity23/presentation/he
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.0026

Низкий

10 Critical

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-5vgg-9h5w-h365