Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-47952
HistoryJan 01, 2023 - 6:15 a.m.

CVE-2022-47952

2023-01-0106:15:09
CWE-203
[email protected]
web.nvd.nist.gov
7
cve-2022-47952
lxc-user-nic
local users
file existence
protected directory tree

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4

Confidence

High

EPSS

0.001

Percentile

33.6%

JSON

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because “Failed to open” often indicates that a file does not exist, whereas “does not refer to a network namespace path” often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that “we will report back to the user that the open() failed but the user has no way of knowing why it failed”; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.

Affected configurations

Nvd
Node
linuxcontainerslxcRange5.0.1
VendorProductVersionCPE
linuxcontainerslxc*cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*

Related

debiancve 2
nessus 15
ubuntucve 2
openvas 13
osv 5
prion 2
alpinelinux 2
cve 2
cvelist 2
redos 1
debian 1
veracode 1
ubuntu 1
gentoo 1
suse 5
nvd 1
debiancve
debiancve
CVE-2022-47952
2023-01-01 06:15:09
CVE-2018-6556
2018-08-10 15:29:01
nessus
nessus
EulerOS 2.0 SP11 : lxc (EulerOS-SA-2023-1763)
2023-05-08 00:00:00
EulerOS 2.0 SP9 : lxc (EulerOS-SA-2023-1476)
2023-03-08 00:00:00
EulerOS 2.0 SP11 : lxc (EulerOS-SA-2023-1785)
2023-05-08 00:00:00
ubuntucve
ubuntucve
CVE-2022-47952
2023-01-01 00:00:00
CVE-2018-6556
2018-08-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for lxc (EulerOS-SA-2023-1763)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for lxc (EulerOS-SA-2023-1785)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for lxc (EulerOS-SA-2023-1557)
2023-03-20 00:00:00
osv
osv
CVE-2022-47952
2023-01-01 06:15:09
lxc - security update
2023-08-17 00:00:00
liblxc-devel-5.0.2-1.1 on GA media
2024-06-15 00:00:00
prion
prion
Path traversal
2023-01-01 06:15:00
Design/Logic Flaw
2018-08-10 15:29:00
alpinelinux
alpinelinux
CVE-2022-47952
2023-01-01 06:15:09
CVE-2018-6556
2018-08-10 15:29:01
cve
cve
CVE-2022-47952
2023-01-01 06:15:09
CVE-2018-6556
2018-08-10 15:29:01
cvelist
cvelist
CVE-2022-47952
2023-01-01 00:00:00
CVE-2018-6556 The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
2018-08-10 15:00:00
redos
redos
ROS-20240625-02
2024-06-25 00:00:00
debian
debian
[SECURITY] [DLA 3533-1] lxc security update
2023-08-21 20:49:49
veracode
veracode
Information Disclosure
2023-01-17 14:45:47
ubuntu
ubuntu
LXC vulnerability
2018-08-06 00:00:00
gentoo
gentoo
LinuX Containers user space utilities: Arbitrary file read
2018-08-22 00:00:00
suse
suse
Security update for lxc (moderate)
2019-04-18 00:00:00
Security update for lxc (moderate)
2018-08-13 21:09:16
Security update for lxc, lxcfs (important)
2019-04-17 00:00:00
nvd
nvd
CVE-2018-6556
2018-08-10 15:29:01

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4

Confidence

High

EPSS

0.001

Percentile

33.6%

JSON
Related for NVD:CVE-2022-47952
debiancve2nessus15ubuntucve2openvas13osv5prion2alpinelinux2cve2cvelist2redos1debian1veracode1ubuntu1gentoo1suse5nvd1