Lucene search

MitreCVE-2018-16359

HistorySep 02, 2018 - 10:29 p.m.

CVE-2018-16359

2018-09-0222:29:00

mitre

web.nvd.nist.gov

google

gvisor

seccomp

sandbox

unauthorized access

file renaming

nvd

cve-2018-16359

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

25.3%

JSON

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.

Affected configurations

Nvd

Node

googlegvisorRange<2018-08-23

VendorProductVersionCPE
googlegvisor*cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	gvisor	*	cpe:2.3:a:google:gvisor::::::::

References

bugs.chromium.org/p/project-zero/issues/detail?id=1632

github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

25.3%

JSON

Related for CVE-2018-16359