Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASNITRO-ENCLAVES-2023-022.NASL
HistoryApr 06, 2023 - 12:00 a.m.

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-022)

2023-04-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
amazon linux 2
docker
vulnerabilities
moby
insecure permissions
alas2nitro-enclaves-2023-022
cve-2022-36109
cve-2022-37708

EPSS

0.002

Percentile

56.3%

JSON

The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-022 advisory.

  • Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the USER $USERNAME Dockerfile instruction. Instead by calling ENTRYPOINT [su, -, user] the supplementary groups will be set up properly. (CVE-2022-36109)

  • Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. (CVE-2022-37708)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASNITRO-ENCLAVES-2023-022.
##

include('compat.inc');

if (description)
{
  script_id(173942);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/14");

  script_cve_id("CVE-2022-36109", "CVE-2022-37708");

  script_name(english:"Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-022)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-022 advisory.

  - Moby is an open-source project created by Docker to enable software containerization. A bug was found in
    Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access
    to a container and manipulates their supplementary group access, they may be able to use supplementary
    group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive
    information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker
    Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For
    users unable to upgrade, this problem can be worked around by not using the `USER $USERNAME` Dockerfile
    instruction. Instead by calling `ENTRYPOINT [su, -, user]` the supplementary groups will be set up
    properly. (CVE-2022-36109)

  - Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside
    the Docker container can access any files within the Docker container. (CVE-2022-37708)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2023-022.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-36109.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-37708.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update docker' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-36109");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'docker-20.10.22-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'docker-20.10.22-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'docker-debuginfo-20.10.22-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'docker-debuginfo-20.10.22-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / docker-debuginfo");
}
VendorProductVersionCPE
amazonlinux2cpe:/o:amazon:linux:2
amazonlinuxdocker-debuginfop-cpe:/a:amazon:linux:docker-debuginfo
amazonlinuxdockerp-cpe:/a:amazon:linux:docker

Related

nessus 15
nvd 2
ubuntucve 2
cve 2
redhatcve 2
debiancve 2
cnvd 1
openvas 10
cvelist 2
fedora 3
github 2
prion 1
veracode 1
ibm 6
alpinelinux 1
mageia 1
osv 12
nessus
nessus
Amazon Linux 2 : docker (ALASDOCKER-2023-022)
2023-04-06 00:00:00
Amazon Linux 2 : docker (ALASECS-2023-013)
2023-10-20 00:00:00
Amazon Linux 2 : docker (ALASDOCKER-2023-024)
2023-05-01 00:00:00
nvd
nvd
CVE-2022-37708
2023-01-31 22:15:08
CVE-2022-36109
2022-09-09 18:15:10
ubuntucve
ubuntucve
CVE-2022-37708
2023-01-31 00:00:00
CVE-2022-36109
2022-09-09 00:00:00
cve
cve
CVE-2022-37708
2023-01-31 22:15:08
CVE-2022-36109
2022-09-09 18:15:10
redhatcve
redhatcve
CVE-2022-37708
2023-02-01 09:37:42
CVE-2022-36109
2022-09-15 21:14:14
debiancve
debiancve
CVE-2022-37708
2023-01-31 22:15:00
CVE-2022-36109
2022-09-09 18:15:10
cnvd
cnvd
Docker authorization issue vulnerability
2023-02-07 00:00:00
openvas
openvas
Docker <= 20.10.15 build fd8262 Insecure Permissions Vulnerability
2023-02-24 00:00:00
Fedora: Security Advisory for containerd (FEDORA-2022-8298607490)
2022-09-16 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2022-b027a13a39)
2022-09-16 00:00:00
cvelist
cvelist
CVE-2022-37708
1976-01-01 00:00:00
CVE-2022-36109 Moby vulnerability relating to supplementary group permissions
2022-09-09 17:20:11
fedora
fedora
[SECURITY] Fedora 36 Update: moby-engine-20.10.18-1.fc36
2022-09-15 01:57:00
[SECURITY] Fedora 37 Update: moby-engine-20.10.18-1.fc37
2022-09-16 00:18:25
[SECURITY] Fedora 37 Update: containerd-1.6.8-2.fc37
2022-09-16 00:18:25
github
github
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
2022-09-16 21:00:46
Supplementary groups are not set up properly in github.com/containerd/containerd
2023-02-16 14:11:33
prion
prion
Information disclosure
2022-09-09 18:15:00
veracode
veracode
Information Disclosure
2022-09-12 11:25:08
ibm
ibm
Security Bulletin: Vunerability in docker engine affect pattern Type shipped with Cloud Pak System (CVE-2022-36109)
2023-12-04 16:01:32
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 16:59:33
Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server
2022-10-14 21:28:51
alpinelinux
alpinelinux
CVE-2022-36109
2022-09-09 18:15:10
mageia
mageia
Updated docker packages fix security vulnerability
2023-01-24 10:58:24
osv
osv
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
2022-09-16 21:00:46
CVE-2022-36109
2022-09-09 18:15:10
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
2022-09-14 00:00:48

EPSS

0.002

Percentile

56.3%

JSON
Related for AL2_ALASNITRO-ENCLAVES-2023-022.NASL
nessus15nvd2ubuntucve2cve2redhatcve2debiancve2cnvd1openvas10cvelist2fedora3github2prion1veracode1ibm6alpinelinux1mageia1osv12