CVE-2022-42150

Exploit

EPSS 0.26%
Veröffentlicht 19.10.2023 20:15:08
Zuletzt bearbeitet 21.11.2024 07:24:27
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tinylab ≫ Cloud Lab Version0.8 Updaterc2

Tinylab ≫ Cloud Lab Version1.1 Updaterc1

Tinylab ≫ Linux Lab Version1.1 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.491

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements

Third Party Advisory

Exploit

https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json

Patch

https://github.com/tinyclub/linux-lab/issues/14

Issue Tracking

https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo

https://www.usenix.org/conference/usenixsecurity23/presentation/he

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-42150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42150

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-42150