CVE-2022-2990

Exploit

EPSS 0.13%
Published 13.09.2022 14:15:08
Last modified 21.11.2024 07:02:02
Source secalert@redhat.com
Teams watchlist Login
Open Login

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Affected products Warnungen 0 Metrics 2 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Buildah Project ≫ Buildah Version < 1.27.1

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.329

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-842 Placement of User into Incorrect Group

The product or the administrator places a user into an incorrect group.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

Third Party Advisory

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=2121453

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-2990

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2990

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2990

EUVD