CVE-2022-27649

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-27649
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27649.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-27649
Aliases
Related
Published
2022-04-04T20:15:10Z
Modified
2024-09-22T22:49:37.984954Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

References

Affected packages

Debian:11 / libpod

Package

Name
libpod
Purl
pkg:deb/debian/libpod?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1+dfsg1-3+deb11u2

Affected versions

3.*

3.0.1+dfsg1-3
3.0.1+dfsg1-3+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name
libpod
Purl
pkg:deb/debian/libpod?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.6+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/containers/podman

Affected ranges

Type
GIT
Repo
https://github.com/containers/podman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.10.1
v0.10.1.1
v0.10.1.2
v0.10.1.3
v0.11.1
v0.11.1.1
v0.12.1
v0.12.1.1
v0.12.1.2
v0.2
v0.2.1
v0.2.2
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.8.1
v0.8.2
v0.8.2.1
v0.8.3
v0.8.4
v0.8.5
v0.9.1
v0.9.1.1
v0.9.2
v0.9.2.1
v0.9.3
v0.9.3.1

v1.*

v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.5.1
v1.6.0
v1.6.0-rc1
v1.6.0-rc2
v1.6.1
v1.6.1-rc1
v1.6.2
v1.6.2-rc1
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.8.0
v1.8.0-rc1
v1.8.1
v1.8.1-rc1
v1.8.1-rc2
v1.8.1-rc3
v1.8.1-rc4
v1.8.2
v1.8.2-rc1
v1.9.0
v1.9.0-rc1
v1.9.0-rc2

v2.*

v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-rc5
v2.0.0-rc6
v2.0.0-rc7
v2.1.0
v2.1.0-rc1
v2.1.0-rc2
v2.2.0-rc1
v2.2.0-rc2

v3.*

v3.1.0-rc1
v3.2.0-rc1

v4.*

v4.0.0-rc1
v4.0.0-rc2