CVE-2022-42150

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements	Exploit Third Party Advisory
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json	Patch
https://github.com/tinyclub/linux-lab/issues/14	Issue Tracking
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
https://www.usenix.org/conference/usenixsecurity23/presentation/he	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tinylab:cloud_lab:0.8:rc2::::::
	cpe:2.3:a:tinylab:cloud_lab:1.1:rc1::::::
	cpe:2.3:a:tinylab:linux_lab:1.1:rc1::::::

History

07 Nov 2023, 03:53

Type	Values Removed	Values Added
References	~~{'url': 'https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo', 'name': 'https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}~~	() https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo -

26 Oct 2023, 14:36

Type	Values Removed	Values Added
First Time		Tinylab linux Lab Tinylab Tinylab cloud Lab
References	~~(MISC) https://github.com/tinyclub/linux-lab/issues/14 -~~	(MISC) https://github.com/tinyclub/linux-lab/issues/14 - Issue Tracking
References	~~(MISC) https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo -~~	(MISC) https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo - Exploit, Third Party Advisory
References	~~(MISC) https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json -~~	(MISC) https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json - Patch
References	~~(MISC) https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements -~~	(MISC) https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements - Exploit, Third Party Advisory
References	~~(MISC) https://www.usenix.org/conference/usenixsecurity23/presentation/he -~~	(MISC) https://www.usenix.org/conference/usenixsecurity23/presentation/he - Exploit, Third Party Advisory
CPE		cpe:2.3:a:tinylab:linux_lab:1.1:rc1:::::: cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:::::: cpe:2.3:a:tinylab:cloud_lab:1.1:rc1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 10.0
CWE		CWE-276

19 Oct 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-19 20:15

Updated : 2023-12-10 15:14

NVD link : CVE-2022-42150

Mitre link : CVE-2022-42150

CVE.ORG link : CVE-2022-42150

JSON object : View

Products Affected

tinylab

cloud_lab
linux_lab

CWE

CWE-276

Incorrect Default Permissions

10.0 /10