CVE-2023-38496
published 2023-07-25


Priority: P4 (12)
Severity: Low, base score 3.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.24% (15.2th percentile)
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, so the subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystem. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.

Affected

3 ranges

Vendor       Product               Version range        Fixed in
apptainer    apptainer
github.com   apptainer_apptainer   >= 1.2.0 < 1.2.1     1.2.1
lfprojects   apptainer