Lucene search
Veracode Vulnerability DatabaseVERACODE:40850HistoryJun 09, 2023 - 11:58 a.m.
File System Sandbox Breakout
2023-06-0911:58:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
file system sandbox breakout
lima-vm/lima
base image
host machine
vulnerability
2.7 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
19.7%
github.com/lima-vm/lima is vulnerable to a File System Sandbox Breakout. The vulnerability exists due to differential disk images used as the base image, which allows an attacker to aread files off the host machine.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/lima-vm/lima | le | v0.15.1 | |
| github.com/lima-vm/lima | le | v0.15.1 |
Related
osv
osv
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
2023-05-31 23:38:28
CVE-2023-32684
2023-05-30 18:15:10
prion
prion
Path traversal
2023-05-30 18:15:00
cvelist
cvelist
cve
cve
CVE-2023-32684
2023-05-30 18:15:10
github
github
nvd
nvd
CVE-2023-32684
2023-05-30 18:15:10
2.7 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
19.7%
Related for VERACODE:40850