Lucene search

K
cvePalo_altoCVE-2022-0071
HistoryApr 19, 2022 - 11:15 p.m.

CVE-2022-0071

2022-04-1923:15:13
CWE-269
CWE-250
palo_alto
web.nvd.nist.gov
94
cve
2022
0071
incomplete fix
cve-2021-3101
hotdog
resource limits
device restrictions
syscall filters
target jvm process
container security
host resources
device modification
blocked syscalls

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

17.8%

Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked.

Affected configurations

Nvd
Node
hotdog_projecthotdogRange<1.0.2java
VendorProductVersionCPE
hotdog_projecthotdog*cpe:2.3:a:hotdog_project:hotdog:*:*:*:*:*:java:*:*

CNA Affected

[
  {
    "product": "Hotdog",
    "vendor": "Amazon Web Services",
    "versions": [
      {
        "lessThan": "1.0.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

17.8%