CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS
Percentile: 20.2%
github.com/apptainer/apptainer is vulnerable to Privilege Dropping. The vulnerability exists because the library does not restore the old syscall setresuid behavior when escalating or dropping privileges, which allows an attacker to provide a maliciously crafted starter config to delete any directory on the host filesystem.