Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-27650

Опубликовано: 30 мар. 2022
Источник: redhat
CVSS3: 5.6

Описание

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Отчет

This issue is related to the general vulnerability found in Moby (Docker Engine), which has been assigned CVE-2022-24769. Among the supported OpenShift Container Platform releases, only v4.10 is affected by this flaw.

Меры по смягчению последствий

The entry point of a container can be modified to use a utility like capsh(1) to drop inheritable capabilities prior to the primary process starting.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8container-tools:4.0/crunNot affected
Red Hat Enterprise Linux 9crunNot affected
Red Hat OpenShift Container Platform 4crunFix deferred
Red Hat Enterprise Linux 8container-toolsFixedRHSA-2022:176210.05.2022
Red Hat Enterprise Linux 8container-toolsFixedRHSA-2022:179310.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2066845crun: Default inheritable capabilities for linux container should be empty

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-27650

CVSS3: 7.5
ubuntu
около 3 лет назад

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

nvd логотип

CVE-2022-27650

CVSS3: 7.5
nvd
около 3 лет назад

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

debian логотип

CVE-2022-27650

CVSS3: 7.5
debian
около 3 лет назад

A flaw was found in crun where containers were incorrectly started wit ...

rocky логотип

RLSA-2022:1793

rocky
около 3 лет назад

Moderate: container-tools:3.0 security and bug fix update

oracle-oval логотип

ELSA-2022-1793

oracle-oval
около 3 лет назад

ELSA-2022-1793: container-tools:3.0 security and bug fix update (MODERATE)

5.6 Medium

CVSS3