CVE-2022-27649: Incorrect Default Permissions
(updated )
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
References
- bugzilla.redhat.com/show_bug.cgi?id=2066568
- github.com/advisories/GHSA-qvf8-p83w-v58j
- github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
- github.com/containers/podman/releases/tag/v4.0.3
- github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
- nvd.nist.gov/vuln/detail/CVE-2022-27649
Detect and mitigate CVE-2022-27649 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →