Lucene search

[email protected]CVE-2022-2989

HistorySep 13, 2022 - 2:15 p.m.

CVE-2022-2989

2022-09-1314:15:00

CWE-842

[email protected]

web.nvd.nist.gov

197

cve-2022-2989

podman

container engine

supplementary groups

information security

data modification

vulnerability

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

3.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

16.3%

JSON

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

CPENameOperatorVersion
podman_project:podmanpodman project podmaneq*
redhat:enterprise_linuxredhat enterprise linuxeq7.0
redhat:openshift_container_platformredhat openshift container platformeq3.11
redhat:enterprise_linuxredhat enterprise linuxeq8.0
redhat:openshift_container_platformredhat openshift container platformeq4.0
redhat:enterprise_linuxredhat enterprise linuxeq9.0

CPE	Name	Operator	Version
podman_project:podman	podman project podman	eq	*
redhat:enterprise_linux	redhat enterprise linux	eq	7.0
redhat:openshift_container_platform	redhat openshift container platform	eq	3.11
redhat:enterprise_linux	redhat enterprise linux	eq	8.0
redhat:openshift_container_platform	redhat openshift container platform	eq	4.0
redhat:enterprise_linux	redhat enterprise linux	eq	9.0