CVE-2022-27649
HIGH7.5EPSS 0.51%Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman
發布日:2022/4/1修改日:2026/4/28
描述
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
受影響套件(6)
- Debian/libpodfrom 0, < 3.0.1+dfsg1-3+deb11u2
- Go/github.com/containers/podmanfrom 0
- Go/github.com/containers/podman/v2from 0
- Go/github.com/containers/podman/v3from 0
- Go/github.com/containers/podman/v4from 0, < 4.0.3
- Go/github.com/containers/podman/v4from 0, < 4.0.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
參考連結(10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-27649
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-27649
- PATCHhttps://github.com/containers/podman
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2066568
- WEBhttps://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
- WEBhttps://github.com/containers/podman/releases/tag/v4.0.3
- WEBhttps://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX