Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27651

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Published

2022-04-04T20:15:10.990

Last Modified

2024-11-21T06:56:06.213

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	buildah_project	buildah	< 1.25.0	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2066840 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b Patch, Third Party Advisory ([email protected])
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25YI27MENCEPZTTGRVU6BQD5V53FNI52/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NETC7I6RTMMBRJJQVJOJUPDK4W4PQSJ/ ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2066840 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25YI27MENCEPZTTGRVU6BQD5V53FNI52/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NETC7I6RTMMBRJJQVJOJUPDK4W4PQSJ/ (af854a3a-2127-422b-91ae-364da2661108)