6.1
CVE-2023-38496
- EPSS 0.04%
- Veröffentlicht 25.07.2023 22:15:10
- Zuletzt bearbeitet 21.11.2024 08:13:41
- Quelle security-advisories@github.com
- Teams Watchlist Login
- Unerledigt Login
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lfprojects ≫ Apptainer Version1.2.0 Update- SwPlatformgo
Lfprojects ≫ Apptainer Version1.2.0 Updaterc2 SwPlatformgo
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| security-advisories@github.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-271 Privilege Dropping / Lowering Errors
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.