Security Advisories

CGA-x7mh-w3g6-2c7r

Published

Last updated

https://images.chainguard.dev/security/CGA-x7mh-w3g6-2c7r

Package

buildah

Latest Update

Not affected

Aliases

CVE-2022-2990
GHSA-fjm8-m7m6-2fjp

Severity

7.1

High

CVSS V3

Summary

Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification

Description

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-2990
https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
https://github.com/containers/buildah/pull/4200
https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b
https://access.redhat.com/security/cve/CVE-2022-2990
https://bugzilla.redhat.com/show_bug.cgi?id=2121453
https://github.com/containers/buildah
https://pkg.go.dev/vuln/GO-2022-1008
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-x7mh-w3g6-2c7r

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources