7.5
CVE-2022-27650
- EPSS 1.12%
- Veröffentlicht 04.04.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:56:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Crun Project ≫ Crun Version < 1.4.4
Fedoraproject ≫ Fedora Version34
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.12% | 0.62 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://bugzilla.redhat.com/show_bug.cgi?id=2066845
https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6
https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/