A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2066845 | Issue Tracking Third Party Advisory |
https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6 | Patch Third Party Advisory |
https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398 | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/ |
Configurations
History
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
13 Apr 2022, 17:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:crun_project:crun:*:*:*:*:*:*:*:* |
|
CWE | CWE-276 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 7.5 |
First Time |
Crun Project crun
Fedoraproject fedora Redhat enterprise Linux Redhat Crun Project Redhat openshift Container Platform Fedoraproject |
|
References | (MISC) https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2066845 - Issue Tracking, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/ - Mailing List, Release Notes, Third Party Advisory |
08 Apr 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Apr 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-04 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-27650
Mitre link : CVE-2022-27650
CVE.ORG link : CVE-2022-27650
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- enterprise_linux
- openshift_container_platform
crun_project
- crun
CWE
CWE-276
Incorrect Default Permissions