Lucene search

GoogleOSV:CVE-2022-42150

HistoryOct 19, 2023 - 8:15 p.m.

CVE-2022-42150

2023-10-1920:15:08

Google

osv.dev

tinylab

linux-lab

cloud-labv0.8-rc2

v1.1-rc1

insecure permissions

container escape

software

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.4%

JSON

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

CPENameOperatorVersion
cloud-labeq0.7-rc2
cloud-labeq0.1-rc1
cloud-labeq0.6-rc1
cloud-labeq0.8-rc1
cloud-labeq0.1-rc3
cloud-labeq0.3
cloud-labeq0.4-rc1
cloud-labeq0.4-rc3
cloud-labeq0.2-rc1
cloud-labeq0.8-rc2

Name	Operator	Version
cloud-lab	eq	0.7-rc2
cloud-lab	eq	0.1-rc1
cloud-lab	eq	0.6-rc1
cloud-lab	eq	0.8-rc1
cloud-lab	eq	0.1-rc3
cloud-lab	eq	0.3
cloud-lab	eq	0.4-rc1
cloud-lab	eq	0.4-rc3
cloud-lab	eq	0.2-rc1
cloud-lab	eq	0.8-rc2

Rows per page:

1-10 of 301

References

github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements

github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json

github.com/tinyclub/linux-lab/issues/14

hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo

www.usenix.org/conference/usenixsecurity23/presentation/he

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for OSV:CVE-2022-42150