CVE-2022-27649: A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine)…

high7.5CVSS 3.1

AVNACHPRLUINSUCHIHAH

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Affected

33 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	libpod	< libpod 3.4.6+ds1-1 (bookworm)	libpod 3.4.6+ds1-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
github.com	containers_podman_v4	>= 0 < 4.0.3	4.0.3
libpod_project	libpod	>= 0 < 3.0.1+dfsg1-3+deb11u2	3.0.1+dfsg1-3+deb11u2
libpod_project	libpod	>= 0 < 3.4.6+ds1-1	3.4.6+ds1-1
msrc	cbl2_cri-o_1.21.7-3_on_cbl_mariner_2.0	—	—
msrc	cbl2_podman_4.1.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—
podman_project	podman	< 4.0.3	4.0.3
podman_project	podman	—	—
redhat	developer_tools	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_power_little_endian	—	—
redhat	enterprise_linux_for_power_little_endian_eus	—	—
redhat	enterprise_linux_server_aus	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.5HIGH