CVE-2022-27651

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
buildah_projectbuildah
𝑥
< 1.25.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-github-containers-buildah
bullseye
no-dsa
bookworm
1.28.2+ds1-3
fixed
sid
1.37.5+ds1-1
fixed
trixie
1.37.5+ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-github-containers-buildah
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2066840
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25YI27MENCEPZTTGRVU6BQD5V53FNI52/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NETC7I6RTMMBRJJQVJOJUPDK4W4PQSJ/
https://bugzilla.redhat.com/show_bug.cgi?id=2066840
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25YI27MENCEPZTTGRVU6BQD5V53FNI52/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NETC7I6RTMMBRJJQVJOJUPDK4W4PQSJ/