CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS2: 3.2 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N

EPSS: 0.0004 Low
Percentile: 7.0%

github.com/containers/buildah is vulnerable to information disclosure. The vulnerability exists in the configureUIDGID function in run_common.go, where improper handling of supplementary groups in the Buildah container engine allows an attacker to gain access to containers and perform unauthorized actions.
access.redhat.com/errata/RHSA-2022:7457
access.redhat.com/errata/RHSA-2022:7822
access.redhat.com/errata/RHSA-2022:8008
access.redhat.com/errata/RHSA-2022:8431
access.redhat.com/security/cve/CVE-2022-2990
bugzilla.redhat.com/show_bug.cgi?id=2121453
github.com/advisories/GHSA-fjm8-m7m6-2fjp
github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b
github.com/containers/buildah/pull/4200
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/