Base Score

HIGH7.1

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateSep 13, 2022, 14:15

Affected Versions(2)

github.com/containers/podman/v4(Go)

Introduced0

Fixed4.2.0

LimitN/A

github.com/containers/podman/v3(Go)

Introduced0

Fixed3.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/containers/podman/v4(Go)	0	4.2.0	N/A
github.com/containers/podman/v3(Go)	0	3.0.1	N/A

Weakness Type (CWE):CWE-842

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

HIGH7.1

Weakness Type (CWE):CWE-842

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE