CVE-2022-27649

CVSS v3.1 7.5 (High)
CVSS v2.0 6 (Medium)
EPSS 0.25 % (65th)
Affected Products 14
Advisories 19

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Weaknesses
CWE-276
Incorrect Default Permissions
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-04-04 20:15:10
(2 years ago)
Updated Date
2023-11-07 03:45:22
(10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Podman Project Podman (versions prior to 4.0.3) cpe:2.3:a:podman_project:podman < 4.0.3

Configuration #2

    CPE23 From Up To
  Redhat Developer Tools 1.0 cpe:2.3:a:redhat:developer_tools:1.0
  Redhat Openshift Container Platform 4.0 cpe:2.3:a:redhat:openshift_container_platform:4.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux 8.6 cpe:2.3:o:redhat:enterprise_linux:8.6
  Redhat Enterprise Linux Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_eus:8.4
  Redhat Enterprise Linux Eus 8.6 cpe:2.3:o:redhat:enterprise_linux_eus:8.6
  Redhat Enterprise Linux for Ibm Z Systems 8.0 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0
  Redhat Enterprise Linux for Ibm Z Systems 8.6 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6
  Redhat Enterprise Linux for Ibm Z Systems Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4
  Redhat Enterprise Linux for Ibm Z Systems Eus 8.6 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6
  Redhat Enterprise Linux for Power Little Endian 8.0 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0
  Redhat Enterprise Linux for Power Little Endian Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4
  Redhat Enterprise Linux Server Aus 8.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
  Redhat Enterprise Linux Server Aus 8.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.4 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.6 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6
  Redhat Enterprise Linux Server Tus 8.4 cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4
  Redhat Enterprise Linux Server Tus 8.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6
  Redhat Enterprise Linux Server Update Services for Sap Solutions 8.4 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4
  Redhat Enterprise Linux Server Update Services for Sap Solutions 8.6 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6

Configuration #3

    CPE23 From Up To
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36