Published: 13/09/2022 Updated: 12/02/2023

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 0

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Vulnerable Product	Search on Vulmon	Subscribe to Product
buildah project buildah
redhat enterprise linux 7.0
redhat enterprise linux 8.0
redhat openshift container platform 4.0
redhat enterprise linux 9.0

Synopsis Moderate: OpenShift Container Platform 4130 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4130 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...

Synopsis Low: podman security, bug fix, and enhancement update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for podman is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update ...

Synopsis Low: container-tools:rhel8 security, bug fix, and enhancement update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8Red Ha ...

Synopsis Important: OpenShift Container Platform 4130 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4130 is now available with updates to packages and ima ...

Synopsis Moderate: buildah security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for buildah is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...

Synopsis Moderate: container-tools:rhel8 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linu ...

CWE-842 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/https://bugzilla.redhat.com/show_bug.cgi?id=2121453 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:1328

CVE-2022-2990

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect