Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions

🗓️ 16 Sep 2022 21:00:46Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 38 Views

Moby supplementary group permissions bug allows attackers to bypass primary group restrictions, fixed in 20.10.1

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Open Source Dependency Vulnerability
15 May 202318:56
ibm
IBM Security Bulletins		Security Bulletin: Open Source Dependency Vulnerability
15 May 202316:59
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server
14 Oct 202221:28
ibm
IBM Security Bulletins		Security Bulletin: Vunerability in docker engine affect pattern Type shipped with Cloud Pak System (CVE-2022-36109)
4 Dec 202315:45
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
18 Aug 202504:31
ibm
IBM Security Bulletins		Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana
19 Jul 202421:46
ibm
IBM Security Bulletins		Security Bulletin: IBM Storage Ceph is vulnerable to Files or Directories Accessible to External Parties in Grafana (CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109)
5 Aug 202419:51
ibm
Tenable Nessus		Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-156)
20 Oct 202200:00
nessus
Tenable Nessus		Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-210)
25 Jan 202300:00
nessus
Tenable Nessus		Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-079)
21 Mar 202300:00
nessus
Rows per page
Vulners
Node
dockerdockerRange<20.10.18go
SourceLink
githubwww.github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
nvdwww.nvd.nist.gov/vuln/detail/CVE-2022-36109
githubwww.github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
githubwww.github.com/moby/moby/releases/tag/v20.10.18
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
benthamsgazewww.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
githubwww.github.com/advisories/GHSA-rc4r-wh2q-q6c4
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jan 2025 15:55Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.15.3 - 6.3
EPSS0.00039
SSVC
CWE-863
mobydocker enginesecurity buggroup permissionsaccess restrictionssoftware containerization
38