CVE-2022-27649

Published: 04/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
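The execve(2) rule the summary refers to, as an added example (not code from Vulmon, Podman or Moby): it applies the permitted-set formula from capabilities(7) to constructed /proc/<pid>/status excerpts and checks that the inheritable set is empty. The capability masks and the program carrying CAP_NET_RAW in its inheritable file set are assumptions made for illustration.

```python
import re

# Capability bit numbers from <linux/capability.h> (subset used in this example).
CAP_BITS = {"CAP_NET_BIND_SERVICE": 10, "CAP_NET_RAW": 13, "CAP_SYS_ADMIN": 21}

# Constructed /proc/<pid>/status excerpts for a non-root process in a container.
STATUS_AFFECTED = """\
CapInh:\t00000000a80425fb
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""
STATUS_FIXED = STATUS_AFFECTED.replace("CapInh:\t00000000a80425fb",
                                       "CapInh:\t0000000000000000")

def parse_caps(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc/<pid>/status text."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def mask(*cap_names):
    """Build a bitmask from capability names."""
    value = 0
    for name in cap_names:
        value |= 1 << CAP_BITS[name]
    return value

def decode(mask_value):
    """List the known capability names set in a bitmask."""
    return sorted(n for n, bit in CAP_BITS.items() if (mask_value >> bit) & 1)

def permitted_after_execve(proc, file_inheritable, file_permitted=0):
    """capabilities(7): P'(permitted) = (P(inh) & F(inh)) | (F(prm) & P(bnd)).
    The ambient term is omitted: executing a file that has capabilities clears it."""
    return (proc["CapInh"] & file_inheritable) | (file_permitted & proc["CapBnd"])

def inheritable_is_empty(status_text):
    """Defensive check: a container process should report CapInh == 0."""
    return parse_caps(status_text)["CapInh"] == 0

if __name__ == "__main__":
    for label, text in (("affected", STATUS_AFFECTED), ("fixed", STATUS_FIXED)):
        gained = permitted_after_execve(parse_caps(text), mask("CAP_NET_RAW"))
        print(label, "CapInh empty:", inheritable_is_empty(text), "gained:", decode(gained))
```

On a live system the same check can be pointed at the real `/proc/<pid>/status` of a container process instead of the constructed strings.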

Vulnerable Product

podman project podman

redhat enterprise linux 8.0

redhat developer tools 1.0

redhat openshift container platform 4.0

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server update services for sap solutions 8.4

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for power little endian eus 8.4

redhat enterprise linux server for power little endian update services for sap solutions 8.4

redhat enterprise linux server for power little endian update services for sap solutions 8.6

redhat enterprise linux server update services for sap solutions 8.6

redhat enterprise linux for ibm z systems 8.6

redhat enterprise linux for ibm z systems eus 8.6

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

redhat enterprise linux 8.6

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian Bug report logs - #1020906 libpod: CVE-2022-27649 Package: src:libpod; Maintainer for src:libpod is Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>; Reported by: Vignesh Raman <vigneshraman@collabora.com> Date: Wed, 28 Sep 2022 10:24:02 UTC Severity: important Tags: patch, security Foun ...
Synopsis: Moderate: container-tools:2.0 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.4 Extended Upd ...
Synopsis: Important: container-tools:rhel8 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Li ...
Synopsis: Important: container-tools:3.0 security update. Type/Severity: Security Advisory: Important. Topic: An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Suppor ...
Synopsis: Important: container-tools:2.0 security update. Type/Severity: Security Advisory: Important. Topic: An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Suppor ...