5.9 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
github.com/moby/moby is vulnerable to authentication bypass. The vulnerability exists because the default inheritable capabilities for linux container is not empty which allows an unauthorized user to bypass access restrictions.
www.openwall.com/lists/oss-security/2022/05/12/1
github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f
github.com/moby/moby/releases/tag/v20.10.14
github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq
lists.fedoraproject.org/archives/list/[email protected]/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC/
lists.fedoraproject.org/archives/list/[email protected]/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG/
lists.fedoraproject.org/archives/list/[email protected]/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY/
lists.fedoraproject.org/archives/list/[email protected]/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL/
lists.fedoraproject.org/archives/list/[email protected]/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH/
lists.fedoraproject.org/archives/list/[email protected]/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7/
www.debian.org/security/2022/dsa-5162
5.9 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P