Lucene search

K
cvelistRedhatCVELIST:CVE-2022-27651
HistoryApr 04, 2022 - 7:45 p.m.

CVE-2022-27651

2022-04-0419:45:44
CWE-276
redhat
www.cve.org
5
buildah
moby
containers
permissions
linux process capabilities
confidentiality
integrity

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

48.7%

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

CNA Affected

[
  {
    "product": "buildah",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Affects buildah v1.24.0 and prior, Fixed in - v1.25.0"
      }
    ]
  }
]