1. Home
  2. Vulnerabilities
  3. CVE-2022-27651

CVE-2022-27651

CVSS v3.1 6.8 (Medium)
68% Progress
CVSS v2.0 4.9 (Medium)
49% Progress
EPSS 0.13 % (49th)
0.13% Progress
Affected Products 3
Advisories 21
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Weaknesses
CWE-276
Incorrect Default Permissions
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-04-04 20:15:10
(2 years ago)
Updated Date
2023-11-07 03:45:22
(10 months ago)

Affected Products

Buildah Project

Fedoraproject

Redhat

Configuration #1

    CPE23 From Up To
  Buildah Project Buildah prior 1.25.0 version cpe:2.3:a:buildah_project:buildah < 1.25.0

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36

Configuration #3

    CPE23 From Up To
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0