Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2022-27651

Published: April 4, 2022Last modified: November 8, 2023

Description

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Severity score breakdown

ParameterValue
Base score6.8
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSbuildahNot affected (1.28.2-r4)
StreambuildahNot affected (1.31.3-r0)

References

ON THIS PAGE