Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.
References
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
21 Jul 2023, 19:56
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
01 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/ - Mailing List, Third Party Advisory |
16 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Sep 2022, 15:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/moby/moby/releases/tag/v20.10.18 - Third Party Advisory | |
References | (CONFIRM) https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/ - Third Party Advisory | |
References | (MISC) https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 - Patch, Third Party Advisory | |
First Time |
Mobyproject moby
Mobyproject Fedoraproject Fedoraproject fedora |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:* |
15 Sep 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-09 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-36109
Mitre link : CVE-2022-36109
CVE.ORG link : CVE-2022-36109
JSON object : View
Products Affected
fedoraproject
- fedora
mobyproject
- moby
CWE