Design/Logic Flaw

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft ...

CVE-2023-38496 Apptainer's ineffective privileges drop when requesting container network

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft ...

Ineffective privileges drop when requesting container network

Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an...

Apptainer 安全漏洞

Apptainer is a Linux open source container platform from Apptainer Open Source. A security vulnerability exists in Apptainer version 1.2.0-rc.2, which stems from the introduction of an invalid privilege drop when requesting container network settings, resulting in subsequent functions being calle...

PT-2023-26477 · Apptainer · Apptainer

Name of the Vulnerable Software and Affected Versions: Apptainer versions 1.2.0-rc.2 through 1.2.0 Description: Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are...