CVSS3: 7.1 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS2: 3.2 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N

EPSS: 0.0005 Low (Percentile: 16.3%)

Incorrect handling of supplementary groups in the Buildah container
engine might lead to sensitive information disclosure or possible data
modification if an attacker has direct access to an affected container
where supplementary groups are used to set access permissions and is able
to execute binary code in that container.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | golang-github-containers-buildah | < any | UNKNOWN |
ubuntu | 23.10 | noarch | golang-github-containers-buildah | < any | UNKNOWN |
bugzilla.redhat.com/show_bug.cgi?id=2121453
github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255
github.com/containers/buildah/pull/4200
launchpad.net/bugs/cve/CVE-2022-2990
nvd.nist.gov/vuln/detail/CVE-2022-2990
security-tracker.debian.org/tracker/CVE-2022-2990
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
www.cve.org/CVERecord?id=CVE-2022-2990