​
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2022-2990

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2022-2990

Severity

7.1

High

CVSS V3

Description

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

References

  • https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
  • https://bugzilla.redhat.com/show_bug.cgi?id=2121453
  • https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
  • https://security-tracker.debian.org/tracker/CVE-2022-2990

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Chainguard Images

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customer StoriesChainguard Love

About UsOpen SourceCareersNewsroomLegal

Unchained BlogResearchEventsTrust CenterDocumentation