CVE-2022-27649
Published Apr 4, 2022
Last updated a year ago
Overview
- Description
- A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "604D6316-6B11-47F6-8016-A0091A2B9003",
"versionEndExcluding": "4.0.3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1"
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3538B4DC-0F7D-4574-8F31-07D52AC854A0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4063768E-67FA-4940-8A0C-101C1EFD0D7E"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7614E5D3-4643-4CAE-9578-9BB9D558211F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
}
],
"operator": "OR"
}
]
}
]