CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

15 Sep 2022, 19:32

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CPE cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
References (MISC) https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ - (MISC) https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ - Exploit, Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2121445 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2121445 - Exploit, Issue Tracking, Patch, Third Party Advisory

13 Sep 2022, 15:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-13 14:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-2989

Mitre link : CVE-2022-2989

CVE.ORG link : CVE-2022-2989


JSON object : View

Products Affected

podman_project

  • podman

redhat

  • enterprise_linux
  • openshift_container_platform
CWE
CWE-842

Placement of User into Incorrect Group

CWE-863

Incorrect Authorization