7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
7.0%
github.com/containers/podman is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to improper handling of the supplementary groups in the Podman container engine which allows an attacker to gain access to containers and execute arbitrary codes.
access.redhat.com/errata/RHSA-2022:7822
access.redhat.com/errata/RHSA-2022:8008
access.redhat.com/errata/RHSA-2022:8431
access.redhat.com/security/cve/CVE-2022-2989
bugzilla.redhat.com/show_bug.cgi?id=2121445
github.com/advisories/GHSA-4wjj-jwc9-2x96
github.com/containers/podman/commit/d82a41687e614d9ac8b2d169dee47fe226835e4c
github.com/containers/podman/pull/15618
github.com/containers/podman/pull/15677
github.com/containers/podman/pull/15696
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
7.0%