QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27651

Published: Apr 4, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Vendor	Product	Versions
n/a	buildah	affected `Affects buildah v1.24.0 and prior, Fixed in - v1.25.0`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2066840

x_refsource_MISC

https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h

x_refsource_MISC

https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b

x_refsource_MISC

FEDORA-2022-224a93852c

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-e6388650ea

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-1a15fe81f0

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.