CVE-2022-27649

🗓️ 31 Mar 2022 20:48:29Reported by redhat.comType

A flaw in Podman and Moby allows container to start with incorrect permissions and inheritable Linux process capabilities, enabling capability elevation in execve(2) run

Reporter	Title	Published	Views	Family All 267
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202318:56	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202316:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-24769)	19 Apr 202212:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server	14 Oct 202221:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	18 Aug 202504:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana	19 Jul 202421:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift	29 Aug 202415:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Files or Directories Accessible to External Parties in Grafana (CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109)	5 Aug 202419:51	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package podman version 4.0.3-alt1	8 Apr 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package docker-engine version 20.10.14-alt1	1 Apr 202200:00	–	altlinux

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-27649
github	www.github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

17 Nov 2024 00:31Current

4.9Medium risk

Vulners AI Score4.9

CVSS 26

CVSS 3.15 - 7.5

EPSS0.00508

CWE-276