Github.Com Apptainer Apptainer vulnerabilities

CVE-2025-65105 [MEDIUM] CWE-61 Apptainer ineffectively applies selinux and apparmor --security options Apptainer ineffectively applies selinux and apparmor --security options ### Impact In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used `--security` option, in particular the forms `--security=apparmor:` and `--security=selinux:` which otherwise put restrictions on operations that containers can do. The `--security` option has always been mentioned

CVE-2023-38496 [MEDIUM] CWE-269 Ineffective privileges drop when requesting container network Ineffective privileges drop when requesting container network ### Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an attacker could possibly craft a starter c

CVE-2023-30549 [MEDIUM] CWE-416 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer ### Impact There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unle