CVE-2022-2989

Sažetak

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2121445
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
https://bugzilla.redhat.com/show_bug.cgi?id=2121445
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

CVSS

Base:	7.1
Impact:	5.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

05-06-2025 - 19:15

Objavljeno

13-09-2022 - 14:15