CVE-2022-27652
published 2022-04-18CVE-2022-27652: A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine)…
medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| github.com | cri-o_cri-o | >= 0 < 1.24.0 | 1.24.0 |
| mobyproject | moby | < 20.10.14 | 20.10.14 |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |