CVE-2022-36109

Published: 09/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in Moby. This flaw allows a malicious user to bypass primary group restrictions due to a flaw in the supplementary group access setup. (CVE-2022-36109) Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. (CVE-2022-37708)

Vulnerable Product

mobyproject moby

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #1019601 docker.io: CVE-2022-36109 Package: src:docker.io; Maintainer for src:docker.io is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Mon, 12 Sep 2022 20:39:17 UTC Severity: important Tags: security, upstream Found in ver ...
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group ...
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. (CVE-2022-36109) Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. (CVE-2022- ...
A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be config ...
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose pot ...